Improve detection of Alibaba flows (#1991)

7 files changed, 57 insertions, 57 deletions

diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out
index 8c4bb0d7d..bb1a2ebcb 100644
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@@ -21,7 +21,7 @@ Automa risk mask:     25/0 (search/found)
 Automa common alpns:  0/0 (search/found)
 Patricia risk mask:   252/0 (search/found)
 Patricia risk:        6/0 (search/found)
-Patricia protocols:   337/37 (search/found)
+Patricia protocols:   315/59 (search/found)
 
 Unknown	24	6428	14
 HTTP	249	355379	34
@@ -46,7 +46,7 @@ JA3 Host Stats:
 	1	 192.168.5.16             	 2      
 
 
-	1	TCP 192.168.2.126:45380 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][7 pkts/4845 bytes <-> 73 pkts/178280 bytes][Goodput ratio: 90/97][5.13 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 298/54 408/638 110/113][Pkt Len c2s/s2c min/avg/max/stddev: 490/759 692/2442 831/8706 147/1792][URL: mangaweb.1kxun.mobi/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e][StatusCode: 200][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /detail)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,52,0,33]
+	1	TCP 192.168.2.126:45380 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][7 pkts/4845 bytes <-> 73 pkts/178280 bytes][Goodput ratio: 90/97][5.13 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.947 (Download)][IAT c2s/s2c min/avg/max/stddev: 187/0 298/54 408/638 110/113][Pkt Len c2s/s2c min/avg/max/stddev: 490/759 692/2442 831/8706 147/1792][URL: mangaweb.1kxun.mobi/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e][StatusCode: 200][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /detail)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,52,0,33]
 	2	TCP 192.168.2.126:46170 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/552 bytes <-> 33 pkts/181723 bytes][Goodput ratio: 76/99][1.59 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/371 0/107][Pkt Len c2s/s2c min/avg/max/stddev: 274/387 276/5507 278/21666 2/6102][URL: pic.1kxun.com/video_kankan/images/releases/296/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,55]
 	3	TCP 192.168.2.126:49372 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1752 bytes <-> 33 pkts/144786 bytes][Goodput ratio: 89/98][1.99 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.976 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/61 0/371 0/111][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 584/4387 592/18786 6/4364][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/aec00b1dbdf678ee8d2b89df3fdbd059.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,8,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,51]
 	4	TCP 192.168.2.126:49396 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/1776 bytes <-> 28 pkts/133577 bytes][Goodput ratio: 89/99][1.65 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.974 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/42 0/345 0/94][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/4771 592/21666 0/5452][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,52]
@@ -56,13 +56,13 @@ JA3 Host Stats:
 	8	TCP 192.168.2.126:49380 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][2 pkts/1172 bytes <-> 30 pkts/99876 bytes][Goodput ratio: 89/98][1.31 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.977 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/32 0/209 0/74][Pkt Len c2s/s2c min/avg/max/stddev: 580/351 586/3329 592/18786 6/3784][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/f05074256b39572ad852c1c95eb5f8a7.jpg][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (LGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,53,0,34]
 	9	TCP 192.168.2.126:36636 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/411 bytes <-> 29 pkts/98991 bytes][Goodput ratio: 84/98][0.08 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/20 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 411/1467 411/3413 411/5778 0/1722][URL: hybird.rayjump.com/rv-zip-2022/0428/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,30,0,0,63]
 	10	TCP 192.168.2.126:36654 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/363 bytes <-> 25 pkts/90800 bytes][Goodput ratio: 82/98][0.10 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.992 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/18 0/5][Pkt Len c2s/s2c min/avg/max/stddev: 363/1494 363/3632 363/4350 0/1035][URL: hybird.rayjump.com/rv-zip-2019/1113/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,85]
-	11	TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41]
+	11	TCP 192.168.2.126:45416 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][8 pkts/7202 bytes <-> 24 pkts/83277 bytes][Goodput ratio: 93/98][16.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.841 (Download)][IAT c2s/s2c min/avg/max/stddev: 186/0 2919/772 6045/5959 2744/1789][Pkt Len c2s/s2c min/avg/max/stddev: 500/709 900/3470 1180/14466 215/3207][URL: mangaweb.1kxun.mobi/js/vendor.bundle.js?1644807874][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/vendor.bundle.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,3,0,0,12,0,0,0,0,0,0,0,3,3,3,6,0,0,0,0,0,0,0,3,0,0,21,0,41]
 	12	TCP 192.168.2.126:38326 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 21 pkts/89010 bytes][Goodput ratio: 76/98][1.25 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.994 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/50 0/412 0/118][Pkt Len c2s/s2c min/avg/max/stddev: 273/387 273/4239 273/12489 0/2950][URL: pic.1kxun.com/video_kankan/images/videos/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,73]
 	13	TCP 192.168.2.126:46200 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/556 bytes <-> 18 pkts/82689 bytes][Goodput ratio: 76/99][1.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.987 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/56 0/375 0/119][Pkt Len c2s/s2c min/avg/max/stddev: 278/386 278/4594 278/21666 0/5421][URL: pic.1kxun.com/video_kankan/images/releases/301/5027-d707192bfa2dabf22771a4d56454ab88.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35,0,45]
 	14	TCP 192.168.2.126:46184 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/829 bytes <-> 13 pkts/73655 bytes][Goodput ratio: 76/99][1.27 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.978 (Download)][IAT c2s/s2c min/avg/max/stddev: 392/0 392/81 392/368 0/134][Pkt Len c2s/s2c min/avg/max/stddev: 273/386 276/5666 278/23106 2/7129][URL: pic.1kxun.com/video_kankan/images/releases/299/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,18,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,25,0,37]
 	15	TCP 192.168.2.126:36640 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/563 bytes <-> 20 pkts/65580 bytes][Goodput ratio: 88/98][0.06 sec][Hostname/SNI: hybird.rayjump.com][bytes ratio: -0.983 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 563/1494 563/3279 563/5778 0/1489][URL: hybird.rayjump.com/rv-zip-2022/0428/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mo][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,62]
 	16	TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Goodput ratio: 42/95][45.37 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3472/1029 44994/45054 11986/6714][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/1210 416/1314 113/325][URL: pic.1kxun.com/video_kankan/images/videos/18283-jfyj3.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 3,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0,0,0,0,0,0,0]
-	17	TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43]
+	17	TCP 192.168.2.126:45398 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2127 bytes <-> 18 pkts/58725 bytes][Goodput ratio: 91/98][4.35 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.930 (Download)][IAT c2s/s2c min/avg/max/stddev: 229/0 229/262 229/3434 0/852][Pkt Len c2s/s2c min/avg/max/stddev: 490/551 709/3262 821/7266 155/2191][URL: mangaweb.1kxun.mobi/js/dependency-all.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/dependency)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,43]
 	18	TCP 192.168.2.126:49354 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1184 bytes <-> 19 pkts/53234 bytes][Goodput ratio: 89/98][1.04 sec][Hostname/SNI: hkbn.content.1kxun.com][bytes ratio: -0.956 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/26 0/204 0/67][Pkt Len c2s/s2c min/avg/max/stddev: 592/351 592/2802 592/8706 0/2084][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp][StatusCode: 200][Content-Type: image/webp][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (/GET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,42]
 	19	TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Goodput ratio: 59/95][45.30 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3466/4 44999/62 11990/13][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 136/1145 415/1314 149/400][URL: pic.1kxun.com/video_kankan/images/videos/3578-ywzj.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,2,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
 	20	TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Goodput ratio: 52/95][45.33 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2649/12 44748/253 10525/45][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1127 415/1314 133/398][URL: pic.1kxun.com/video_kankan/images/videos/3713-ydm.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 4,0,0,0,0,0,0,0,0,4,0,9,0,0,4,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,76,0,0,0,0,0,0,0,0]
@@ -74,20 +74,20 @@ JA3 Host Stats:
 	26	TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
 	27	TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
 	28	TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 2][cat: Advertisement/101][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
-	29	TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
-	30	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
+	29	TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
+	30	TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
 	31	TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	32	TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0]
 	33	TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0]
 	34	UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	35	UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	36	TCP 192.168.2.126:49370 <-> 14.136.136.108:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/580 bytes <-> 4 pkts/7749 bytes][Goodput ratio: 88/97][0.22 sec][Hostname/SNI: hkbn.content.1kxun.com][URL: hkbn.content.1kxun.com/manga-hant/images/project/cartoons/b057f5cd8fe013d2299b57f14faa5fa9.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.4][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (AGET /manga)][Plen Bins: 0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20]
-	37	TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14]
+	37	TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/images/detail_revision/go_homepage.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14]
 	38	TCP 192.168.2.126:60148 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/536 bytes <-> 3 pkts/7066 bytes][Goodput ratio: 75/97][0.56 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/icons/5-328e3cdf244c003df08754cca05fbc2f.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,40,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
 	39	TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: Match by port][DPI packets: 20][cat: Web/5][13 pkts/6269 bytes <-> 10 pkts/1165 bytes][Goodput ratio: 88/51][18.02 sec][bytes ratio: 0.687 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/31 352/2546 3289/14274 980/4917][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 482/116 1514/386 582/101][Plen Bins: 23,7,0,0,0,15,7,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]
 	40	TCP 192.168.2.126:38314 <-> 172.105.121.82:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/273 bytes <-> 4 pkts/6346 bytes][Goodput ratio: 76/96][0.33 sec][Hostname/SNI: pic.1kxun.com][URL: pic.1kxun.com/video_kankan/images/videos/40750-585645353a7a47615755b7714c611835.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,20]
-	41	TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0]
-	42	TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+	41	TCP 192.168.2.126:45414 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2118 bytes <-> 3 pkts/3518 bytes][Goodput ratio: 91/94][4.32 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 215/216 2066/2066 3917/3916 1851/1850][Pkt Len c2s/s2c min/avg/max/stddev: 482/758 706/1173 819/1456 158/300][URL: mangaweb.1kxun.mobi/js/fb-sdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/fb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,16,0,0,0,0]
+	42	TCP 192.168.2.126:47246 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1872 bytes <-> 2 pkts/3374 bytes][Goodput ratio: 93/96][1.30 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/homePageVideoCollections/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28][StatusCode: 200][Content-Type: application/json][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
 	43	TCP 192.168.2.126:36660 <-> 18.64.103.30:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][1 pkts/328 bytes <-> 3 pkts/4733 bytes][Goodput ratio: 80/96][0.03 sec][Hostname/SNI: hybird.rayjump.com][URL: hybird.rayjump.com/rv/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /rv/endv4.html)][Plen Bins: 0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,25]
 	44	TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Chat/9][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Goodput ratio: 71/72][1.09 sec][Hostname/SNI: vv.video.qq.com][bytes ratio: 0.434 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/191 476/506 136/201][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/200 499/372 176/149][URL: vv.video.qq.com/getvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][PLAIN TEXT (POST /getvinfo HTTP/1.1)][Plen Bins: 15,0,0,0,0,15,15,0,0,23,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	45	UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][14 pkts/4788 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][43.01 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 412/0 3106/0 12289/0 3176/0][Pkt Len c2s/s2c min/avg/max/stddev: 342/0 342/0 342/0 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -99,10 +99,10 @@ JA3 Host Stats:
 	51	TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][Goodput ratio: 69/75][6.08 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 753/1500 5998/5998 1982/2597][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 190/232 1067/1055 299/340][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	52	TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 60/87][0.09 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/16 36/43 13/19][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/456 390/1314 144/512][URL: jp.kankan.1kxun.mobi/api/videos/10410.json][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 20,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0]
 	53	TCP 192.168.2.126:33042 <-> 3.122.190.70:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][2 pkts/1986 bytes <-> 2 pkts/1328 bytes][Goodput ratio: 93/90][2.20 sec][Hostname/SNI: click.liftoff.io][URL: click.liftoff.io/v1/campaign_click/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWij][StatusCode: 200][Content-Type: image/png][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /v1/campaign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	54	TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0]
+	54	TCP 192.168.2.126:50176 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1185 bytes <-> 2 pkts/2082 bytes][Goodput ratio: 94/94][0.19 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/list_default.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/list)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,33,0,0]
 	55	TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][Goodput ratio: 66/63][8.90 sec][Hostname/SNI: 192.168.115.75][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 982/1763 6000/6000 1978/2381][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177/158 1051/639 283/188][Risk: ** Weak TLS Cipher **** HTTP/TLS/QUIC Numeric Hostname/SNI **** TLS (probably) Not Carrying HTTPS **][Risk Score: 120][Risk Info: 192.168.115.75 / No ALPN / Cipher TLS_RSA_WITH_AES_128_CBC_SHA][TLSv1.2][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 14,14,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	56	TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Goodput ratio: 59/83][45.16 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5639/28 44799/53 14801/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139/366 468/1272 164/523][URL: jp.kankan.1kxun.mobi/api/videos/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698][StatusCode: 200][Content-Type: application/x-javascript][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/10410.j)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0]
-	57	TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+	57	TCP 192.168.2.126:35426 <-> 8.209.112.118:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][4 pkts/2668 bytes <-> 1 pkts/142 bytes][Goodput ratio: 92/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 20,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
 	58	TCP 192.168.2.126:41390 <-> 18.64.79.37:80 [proto: 7.126/HTTP.Google][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/492 bytes <-> 3 pkts/2123 bytes][Goodput ratio: 86/91][0.03 sec][Hostname/SNI: google.open-js.com][URL: google.open-js.com/doubleclick/ca0ecde2.js][StatusCode: 200][Content-Type: application/javascript][Server: AmazonS3][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (SGET /doubleclick/ca0)][Plen Bins: 0,25,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
 	59	TCP 192.168.2.126:56096 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/857 bytes <-> 1 pkts/1706 bytes][Goodput ratio: 92/96][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /setting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
 	60	TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91/TLS][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 3][cat: Web/5][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][Goodput ratio: 67/78][0.26 sec][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/64 205/212 84/87][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201/297 471/1223 139/463][Plen Bins: 0,0,40,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0]
@@ -110,17 +110,17 @@ JA3 Host Stats:
 	62	TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	63	TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	64	UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	65	TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+	65	TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
 	66	UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	67	UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	68	TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	68	TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	69	TCP 192.168.2.126:42566 <-> 35.156.44.13:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/1770 bytes <-> 1 pkts/222 bytes][Goodput ratio: 89/70][0.03 sec][Hostname/SNI: de01.rayjump.com][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gec][PLAIN TEXT (GGET /impression)][Plen Bins: 25,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	70	TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/996 bytes <-> 5 pkts/986 bytes][Goodput ratio: 52/66][31.95 sec][Hostname/SNI: api.magicansoft.com][bytes ratio: 0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/8 2391/3919 11352/11551 4481/5397][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/197 331/390 117/157][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	71	TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	72	TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	73	TCP 192.168.2.126:47262 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/937 bytes <-> 1 pkts/883 bytes][Goodput ratio: 93/92][0.31 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d25][StatusCode: 301][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	71	TCP 192.168.2.126:50140 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1178 bytes <-> 1 pkts/748 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/left.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	72	TCP 192.168.2.126:50166 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1179 bytes <-> 1 pkts/746 bytes][Goodput ratio: 94/91][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/right.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	73	TCP 192.168.2.126:47262 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/937 bytes <-> 1 pkts/883 bytes][Goodput ratio: 93/92][0.31 sec][Hostname/SNI: kankan.1kxun.com][URL: kankan.1kxun.com/video_kankan_tags/v2/api/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d25][StatusCode: 301][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /video)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	74	TCP 192.168.2.126:51686 <-> 18.64.79.64:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1295 bytes <-> 1 pkts/500 bytes][Goodput ratio: 95/87][0.60 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=6][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0]
-	75	TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	75	TCP 192.168.2.126:50164 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1184 bytes <-> 1 pkts/574 bytes][Goodput ratio: 94/88][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/more_white.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	76	UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][10 pkts/1750 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2969/0 5541/0 19870/0 5205/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	77	TCP 192.168.2.126:41940 <-> 18.64.79.50:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1315 bytes <-> 1 pkts/419 bytes][Goodput ratio: 95/84][0.04 sec][Hostname/SNI: tknet-cdn.rayjump.com][URL: tknet-cdn.rayjump.com/ad/log/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG][StatusCode: 200][Content-Type: text/plain][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /ad/log/play)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0]
 	78	TCP 192.168.2.126:49242 <-> 172.104.119.80:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1129 bytes <-> 2 pkts/582 bytes][Goodput ratio: 88/77][2.16 sec][Hostname/SNI: android.yingshi.tcclick.1kxun.com][URL: android.yingshi.tcclick.1kxun.com/api/upload.php][StatusCode: 500][Req Content-Type: application/octet-stream][Content-Type: text/html][Server: openresty/1.11.2.5][User-Agent: okhttp/3.10.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 500][PLAIN TEXT (aPOST /api/upload.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -131,7 +131,7 @@ JA3 Host Stats:
 	83	TCP 192.168.2.126:59324 <-> 104.117.221.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/475 bytes <-> 1 pkts/1049 bytes][Goodput ratio: 86/94][0.04 sec][Hostname/SNI: m.vpon.com][URL: m.vpon.com/sdk/vpadn-sdk-core-v1.js][StatusCode: 200][Content-Type: application/x-javascript][Server: AkamaiNetStorage][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /sdk/vpadn)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	84	TCP 192.168.2.126:35200 <-> 103.29.71.30:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/953 bytes <-> 1 pkts/563 bytes][Goodput ratio: 93/88][0.36 sec][Hostname/SNI: release.bigdata.1kxun.com][URL: release.bigdata.1kxun.com/c/35/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=16][StatusCode: 302][Content-Type: text/html][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /c/35/13277)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	85	TCP 192.168.2.126:43272 <-> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1006 bytes <-> 1 pkts/500 bytes][Goodput ratio: 93/87][0.11 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version][StatusCode: 200][Content-Type: application/json][Server: nginx][User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build/RSR1.201013.001)][PLAIN TEXT (GET /openapi/ads)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	86	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	86	TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 8][cat: Web/5][10 pkts/880 bytes <-> 3 pkts/572 bytes][Goodput ratio: 36/69][0.74 sec][Hostname/SNI: 218.244.135.170][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/119 54/119 318/119 106/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/191 212/446 62/181][URL: 218.244.135.170:9099/api/qqlive_ckey/get?vid=y0013xaeeyo&platform=10902][StatusCode: 200][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 218.244.135.170][PLAIN TEXT (GET /api/qq)][Plen Bins: 25,0,0,0,50,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	87	UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1432 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][38.10 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 5442/0 17101/0 4875/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	88	UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][8 pkts/1400 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][57.22 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2949/0 8174/0 27242/0 8848/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	89	UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][4 pkts/1368 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][46.39 sec][Hostname/SNI: shen][DHCP Fingerprint: 1,121,3,6,15,119,252][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -141,8 +141,8 @@ JA3 Host Stats:
 	93	TCP 192.168.2.126:58760 <-> 202.153.196.53:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1110 bytes <-> 1 pkts/236 bytes][Goodput ratio: 94/72][1.09 sec][Hostname/SNI: tw.api.vpon.com][URL: tw.api.vpon.com/api/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulato][StatusCode: 200][Server: Apache-Coyote/1.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36(Mobile; vpadn-sdk-a-v4.6.4)][PLAIN TEXT (GET /api/webviewAdReq)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	94	TCP 192.168.2.126:56094 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/876 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	95	TCP 192.168.2.126:56098 <-> 3.72.69.158:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/863 bytes <-> 1 pkts/460 bytes][Goodput ratio: 92/85][0.02 sec][Hostname/SNI: setting.rayjump.com][URL: setting.rayjump.com/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc][StatusCode: 200][Content-Type: text/plain][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /rewardsetting)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	96	TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	97	TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	96	TCP 192.168.2.126:47272 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/982 bytes <-> 1 pkts/331 bytes][Goodput ratio: 93/80][0.35 sec][Hostname/SNI: messages.1kxun.mobi][URL: messages.1kxun.mobi/api/messages/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kx][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api/messages/listForYingsh)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	97	TCP 192.168.2.126:56826 <-> 8.209.97.107:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][2 pkts/1156 bytes <-> 1 pkts/142 bytes][Goodput ratio: 91/62][0.02 sec][Hostname/SNI: analytics.rayjump.com][URL: analytics.rayjump.com/][StatusCode: 204][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,33,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	98	UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][7 pkts/1253 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][16.80 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1227/0 2799/0 5942/0 1567/0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179/0 179/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	99	TCP 192.168.2.126:43266 -> 18.64.79.58:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1198 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Hostname/SNI: net.rayjump.com][URL: net.rayjump.com/openapi/ad/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sc][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /openapi/ad/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0]
 	100	UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][13 pkts/1196 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][30.61 sec][Hostname/SNI: isatap][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 715/0 2708/0 9111/0 2902/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT (FDEBFEEBFACACACACACACACACACAAA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -155,7 +155,7 @@ JA3 Host Stats:
 	107	UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	108	TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	109	TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	110	TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	110	TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	111	UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	112	UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	113	UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/alicloud.pcap.out b/tests/cfgs/default/result/alicloud.pcap.out
index c55857ea4..047f9091d 100644
--- a/tests/cfgs/default/result/alicloud.pcap.out
+++ b/tests/cfgs/default/result/alicloud.pcap.out
@@ -18,22 +18,22 @@ Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
 Patricia risk mask:   30/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   30/0 (search/found)
+Patricia protocols:   15/15 (search/found)
 
 AliCloud	225	22986	15
 
-	1	TCP 192.168.2.100:45094 <-> 8.209.76.194:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.49 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/1 17/67 23/322 7/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.2.100:51774 <-> 8.209.77.36:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.46 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 14/64 20/318 7/114][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.2.100:57322 <-> 8.209.107.122:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.33 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 16/41 24/166 9/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	TCP 192.168.2.100:37160 <-> 8.209.107.125:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/1096 bytes <-> 7 pkts/538 bytes][Goodput ratio: 51/10][0.49 sec][bytes ratio: 0.341 (Upload)][IAT c2s/s2c min/avg/max/stddev: 18/1 69/77 237/237 76/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/77 274/122 89/19][Plen Bins: 33,16,0,0,16,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	TCP 192.168.2.100:55484 <-> 8.209.107.157:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/1096 bytes <-> 7 pkts/538 bytes][Goodput ratio: 51/10][0.41 sec][bytes ratio: 0.341 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 56/65 242/241 84/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/77 274/122 89/19][Plen Bins: 33,16,0,0,16,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	6	TCP 192.168.2.100:51682 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/704 bytes][Goodput ratio: 43/24][0.96 sec][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 19/145 29/567 7/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/88 274/122 77/26][Plen Bins: 28,42,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	7	TCP 192.168.2.100:38094 <-> 8.209.104.159:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.61 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 92/99 469/416 169/159][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	8	TCP 192.168.2.100:39018 <-> 8.209.104.12:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.62 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 93/99 480/420 173/161][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	9	TCP 192.168.2.100:40154 <-> 8.209.104.159:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 119/130 632/573 230/222][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][PLAIN TEXT (TGD/Ym)][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	10	TCP 192.168.2.100:41056 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.78 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/0 120/130 633/575 229/223][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	11	TCP 192.168.2.100:42430 <-> 8.209.104.130:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 9/0 118/128 625/570 227/221][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	12	TCP 192.168.2.100:42600 <-> 8.209.105.125:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/1 118/129 627/569 228/220][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	13	TCP 192.168.2.100:44388 <-> 8.209.107.125:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.67 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/1 100/107 520/456 188/175][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	14	TCP 192.168.2.100:45078 <-> 8.209.105.125:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.60 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 90/96 468/413 169/159][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	15	TCP 192.168.2.100:52228 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.89 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/1 138/152 628/568 223/214][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.2.100:45094 <-> 8.209.76.194:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.49 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/1 17/67 23/322 7/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.2.100:51774 <-> 8.209.77.36:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.46 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 14/64 20/318 7/114][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.2.100:57322 <-> 8.209.107.122:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/832 bytes][Goodput ratio: 43/36][0.33 sec][bytes ratio: -0.006 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 16/41 24/166 9/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/104 274/250 77/60][Plen Bins: 28,28,0,0,14,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 192.168.2.100:37160 <-> 8.209.107.125:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/1096 bytes <-> 7 pkts/538 bytes][Goodput ratio: 51/10][0.49 sec][bytes ratio: 0.341 (Upload)][IAT c2s/s2c min/avg/max/stddev: 18/1 69/77 237/237 76/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/77 274/122 89/19][Plen Bins: 33,16,0,0,16,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 192.168.2.100:55484 <-> 8.209.107.157:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/1096 bytes <-> 7 pkts/538 bytes][Goodput ratio: 51/10][0.41 sec][bytes ratio: 0.341 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 56/65 242/241 84/89][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 137/77 274/122 89/19][Plen Bins: 33,16,0,0,16,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 192.168.2.100:51682 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][7 pkts/822 bytes <-> 8 pkts/704 bytes][Goodput ratio: 43/24][0.96 sec][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/0 19/145 29/567 7/203][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 117/88 274/122 77/26][Plen Bins: 28,42,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 192.168.2.100:38094 <-> 8.209.104.159:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.61 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 92/99 469/416 169/159][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	TCP 192.168.2.100:39018 <-> 8.209.104.12:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.62 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 93/99 480/420 173/161][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	TCP 192.168.2.100:40154 <-> 8.209.104.159:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/0 119/130 632/573 230/222][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][PLAIN TEXT (TGD/Ym)][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	10	TCP 192.168.2.100:41056 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.78 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/0 120/130 633/575 229/223][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	11	TCP 192.168.2.100:42430 <-> 8.209.104.130:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 9/0 118/128 625/570 227/221][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	12	TCP 192.168.2.100:42600 <-> 8.209.105.125:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.77 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/1 118/129 627/569 228/220][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	13	TCP 192.168.2.100:44388 <-> 8.209.107.125:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.67 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 5/1 100/107 520/456 188/175][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	14	TCP 192.168.2.100:45078 <-> 8.209.105.125:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.60 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 90/96 468/413 169/159][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	15	TCP 192.168.2.100:52228 <-> 8.209.73.197:8999 [proto: 306/AliCloud][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][8 pkts/888 bytes <-> 7 pkts/582 bytes][Goodput ratio: 40/19][0.89 sec][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/1 138/152 628/568 223/214][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/83 274/122 74/25][Plen Bins: 33,33,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/genshin-impact.pcap.out b/tests/cfgs/default/result/genshin-impact.pcap.out
index a887c2f85..c797253ca 100644
--- a/tests/cfgs/default/result/genshin-impact.pcap.out
+++ b/tests/cfgs/default/result/genshin-impact.pcap.out
@@ -19,13 +19,13 @@ Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
 Patricia risk mask:   12/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   9/3 (search/found)
+Patricia protocols:   6/6 (search/found)
 
 GenshinImpact	90	18405	6
 
-	1	UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	3	TCP 192.168.2.100:39686 <-> 49.51.181.168:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][9 pkts/2327 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.71 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/88 176/176 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 259/89 1468/138 434/29][PLAIN TEXT (194946781)][Plen Bins: 0,50,25,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
 	4	TCP 192.168.2.100:39822 <-> 49.51.190.178:80 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][9 pkts/2294 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.69 sec][bytes ratio: 0.622 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/85 171/170 84/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 255/89 1468/138 435/29][PLAIN TEXT (194946781)][Plen Bins: 12,51,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
-	5	UDP 192.168.2.100:59145 <-> 47.254.169.109:22102 [proto: 257/GenshinImpact][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1383 bytes <-> 7 pkts/1237 bytes][Goodput ratio: 76/76][1.75 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/30 285/342 829/800 363/311][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 173/177 650/340 185/88][Plen Bins: 34,13,0,13,13,13,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 192.168.2.100:59145 <-> 47.254.169.109:22102 [proto: 257/GenshinImpact][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][8 pkts/1383 bytes <-> 7 pkts/1237 bytes][Goodput ratio: 76/76][1.75 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/30 285/342 829/800 363/311][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 173/177 650/340 185/88][Plen Bins: 34,13,0,13,13,13,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	TCP 192.168.2.100:45246 <-> 49.51.181.168:10012 [proto: 257/GenshinImpact][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][8 pkts/1287 bytes <-> 7 pkts/595 bytes][Goodput ratio: 65/31][0.92 sec][bytes ratio: 0.368 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/106 221/176 96/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/85 546/138 165/29][PLAIN TEXT (194946781)][Plen Bins: 0,57,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/long_tls_certificate.pcap.out b/tests/cfgs/default/result/long_tls_certificate.pcap.out
index 7964e8179..faab7dde1 100644
--- a/tests/cfgs/default/result/long_tls_certificate.pcap.out
+++ b/tests/cfgs/default/result/long_tls_certificate.pcap.out
@@ -18,7 +18,7 @@ Automa risk mask:     0/0 (search/found)
 Automa common alpns:  2/2 (search/found)
 Patricia risk mask:   2/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   2/0 (search/found)
+Patricia protocols:   1/1 (search/found)
 
 Alibaba	47	14812	1
 
@@ -27,4 +27,4 @@ JA3 Host Stats:
 	1	 192.168.1.60             	 1      
 
 
-	1	TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91.274/TLS.Alibaba][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][Hostname/SNI: beacon-api.aliyuncs.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
+	1	TCP 192.168.1.60:55333 <-> 106.15.100.123:443 [proto: 91.274/TLS.Alibaba][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 12][cat: Web/5][24 pkts/2429 bytes <-> 23 pkts/12383 bytes][Goodput ratio: 44/89][1.86 sec][Hostname/SNI: beacon-api.aliyuncs.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.672 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/62 370/360 133/111][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/538 571/1506 104/641][TLSv1.2][JA3C: 2a26b1a62e40d25d4de3babc9d532f30][ServerNames: *.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com][JA3S: eee3d2bf5f17d17548ac36ba1872951f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2][Subject: C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com][Certificate SHA-1: 2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA][Firefox][Validity: 2020-11-25 10:12:07 - 2021-12-27 10:06:06][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,31,13,9,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out
index 0b0b6325b..8692e246b 100644
--- a/tests/cfgs/default/result/pps.pcap.out
+++ b/tests/cfgs/default/result/pps.pcap.out
@@ -21,7 +21,7 @@ Automa risk mask:     43/2 (search/found)
 Automa common alpns:  0/0 (search/found)
 Patricia risk mask:   194/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   212/2 (search/found)
+Patricia protocols:   211/3 (search/found)
 
 Unknown	980	377564	29
 HTTP	132	84242	45
@@ -79,7 +79,7 @@ Cybersec	28	29201	2
 	47	TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.17 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	48	TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.13 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	49	TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Goodput ratio: 90/73][0.15 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Hostname/SNI: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][Content-Type: image/gif][Server: Tengine][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	50	TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Hostname/SNI: cmc.tanx.com][URL: cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][Content-Type: image/gif][Server: Tengine][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	51	TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masblog_runxx][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	52	TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Goodput ratio: 80/83][0.22 sec][Hostname/SNI: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	53	TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/163 bytes <-> 2 pkts/557 bytes][Goodput ratio: 66/80][0.09 sec][Hostname/SNI: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson][StatusCode: 200][Content-Type: charset=utf-8][Server: openresty][User-Agent: QYAgent_runxx][PLAIN TEXT (GET /cityjson HTTP/1.1)][Plen Bins: 33,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out
index 91d588442..e04188e84 100644
--- a/tests/cfgs/default/result/weibo.pcap.out
+++ b/tests/cfgs/default/result/weibo.pcap.out
@@ -20,7 +20,7 @@ Automa risk mask:     2/0 (search/found)
 Automa common alpns:  3/3 (search/found)
 Patricia risk mask:   88/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   80/8 (search/found)
+Patricia protocols:   72/16 (search/found)
 
 DNS	6	630	3
 HTTP	19	2275	5
@@ -68,13 +68,13 @@ JA3 Host Stats:
 	32	TCP 192.168.1.105:58481 <-> 216.58.214.78:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 2][cat: Web/5][1 pkts/66 bytes <-> 1 pkts/66 bytes][Goodput ratio: 0/0][0.05 sec][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	33	UDP 192.168.1.105:11798 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/77 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][< 1 sec][Hostname/SNI: account.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (account)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	34	TCP 192.168.1.105:42280 -> 222.73.28.96:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	35	TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	36	TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	37	TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	38	TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	39	TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	40	TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	41	TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	42	TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	35	TCP 192.168.1.105:47721 -> 140.205.170.63:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	36	TCP 192.168.1.105:47723 -> 140.205.170.63:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	37	TCP 192.168.1.105:48352 -> 140.205.174.1:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	38	TCP 192.168.1.105:48353 -> 140.205.174.1:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	39	TCP 192.168.1.105:48356 -> 140.205.174.1:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	40	TCP 192.168.1.105:52271 -> 42.156.184.19:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	41	TCP 192.168.1.105:52272 -> 42.156.184.19:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	42	TCP 192.168.1.105:52274 -> 42.156.184.19:443 [proto: 91/TLS][IP: 274/Alibaba][Encrypted][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	43	UDP 192.168.1.105:50533 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 43/0][< 1 sec][Hostname/SNI: data.weibo.com][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	44	UDP 192.168.1.105:16804 -> 192.168.1.1:53 [proto: 5.200/DNS.Sina(Weibo)][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes][Goodput ratio: 39/0][< 1 sec][Hostname/SNI: c.weibo.cn][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/xiaomi.pcap.out b/tests/cfgs/default/result/xiaomi.pcap.out
index 8f0b24025..b39dd240f 100644
--- a/tests/cfgs/default/result/xiaomi.pcap.out
+++ b/tests/cfgs/default/result/xiaomi.pcap.out
@@ -18,7 +18,7 @@ Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
 Patricia risk mask:   14/0 (search/found)
 Patricia risk:        0/0 (search/found)
-Patricia protocols:   12/2 (search/found)
+Patricia protocols:   11/4 (search/found)
 
 Xiaomi	52	11467	7
 
@@ -27,5 +27,5 @@ Xiaomi	52	11467	7
 	3	TCP 115.164.74.232:5222 <-> 192.168.247.13:38018 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][4 pkts/456 bytes <-> 3 pkts/1283 bytes][Goodput ratio: 40/85][149.32 sec][Hostname/SNI: 47.241.35.73][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 143/153 49772/74586 149015/149020 70175/74434][Pkt Len c2s/s2c min/avg/max/stddev: 74/78 114/428 172/980 41/395][User-Agent: M2010J19SG][PLAIN TEXT (xiaomi.com)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	4	TCP 97.39.119.172:5222 <-> 192.168.93.59:51488 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/377 bytes <-> 2 pkts/1249 bytes][Goodput ratio: 45/89][0.25 sec][Hostname/SNI: 47.241.59.87][User-Agent: M2101K7BG][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	5	TCP 115.164.74.232:5222 <-> 192.168.244.219:45904 [proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Web/5][3 pkts/378 bytes <-> 2 pkts/1244 bytes][Goodput ratio: 45/89][0.26 sec][Hostname/SNI: 47.241.35.73][User-Agent: Redmi Note 9S][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,25,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	6	TCP 192.168.2.100:48698 <-> 203.107.1.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/530 bytes <-> 1 pkts/66 bytes][Goodput ratio: 66/0][0.49 sec][Hostname/SNI: 203.107.1.65][URL: 203.107.1.65/164566/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00][User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI/V12.0.3.0.QJZMIXM)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 203.107.1.65][PLAIN TEXT (GET /164566/sign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	7	TCP 47.241.7.88:5222 -> 10.52.151.160:39180 [VLAN: 208][proto: 287/Xiaomi][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 192.168.2.100:48698 <-> 203.107.1.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][3 pkts/530 bytes <-> 1 pkts/66 bytes][Goodput ratio: 66/0][0.49 sec][Hostname/SNI: 203.107.1.65][URL: 203.107.1.65/164566/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00][User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI/V12.0.3.0.QJZMIXM)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 203.107.1.65][PLAIN TEXT (GET /164566/sign)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 47.241.7.88:5222 -> 10.52.151.160:39180 [VLAN: 208][proto: 287/Xiaomi][IP: 274/Alibaba][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/136 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (xiaomi.com)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]