author | Luca Deri <deri@ntop.org> | 2024-04-09 10:22:01 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2024-04-09 10:22:01 +0200 |
commit | bd2968dcd36e78adcef0570550277332d164fc2d (patch) | |
tree | f0f4a8d995e8da26ad8b0dc0b954d294b6fd2ba2 /tests/cfgs/default | |
parent | 00a360f30a89fd479465db64d7e92e761645c101 (diff) |
Tuned DNS risk values
Modified NDPI_BINARY_TRANSFER_ATTEMPT in NDPI_BINARY_DATA_TRANSFER
Diffstat (limited to 'tests/cfgs/default')
-rw-r--r-- | tests/cfgs/default/result/1kxun.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/bad-dns-traffic.pcap.out | 6 | ||||
-rw-r--r-- | tests/cfgs/default/result/dns-exf.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/dns-tunnel-iodine.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/dotenv.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/emotet.pcap.out | 4 | ||||
-rw-r--r-- | tests/cfgs/default/result/exe_download.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/gnutella.pcap.out | 4 | ||||
-rw-r--r-- | tests/cfgs/default/result/netflix.pcap.out | 36 | ||||
-rw-r--r-- | tests/cfgs/default/result/pps.pcap.out | 18 | ||||
-rw-r--r-- | tests/cfgs/default/result/quickplay.pcap.out | 8 | ||||
-rw-r--r-- | tests/cfgs/default/result/starcraft_battle.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/tls_certificate_too_long.pcap.out | 4 | ||||
-rw-r--r-- | tests/cfgs/default/result/waze.pcap.out | 2 | ||||
-rw-r--r-- | tests/cfgs/default/result/windowsupdate_over_http.pcap.out | 2 |
15 files changed, 48 insertions, 48 deletions
diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 6d2e411d0..6c2de6f47 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out 
@@ -164,7 +164,7 @@ JA3 Host Stats: 107 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][3 pkts/648 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][0.00 sec][Hostname/SNI: macbookair-e1d0][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( ENEBEDECEPEPELEBEJ)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 TCP 192.168.2.126:54810 <-> 18.233.123.55:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/490 bytes <-> 1 pkts/141 bytes][Goodput ratio: 86/53][0.11 sec][Hostname/SNI: impression-east.liftoff.io][URL: impression-east.liftoff.io/mintegral/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /mintegral/beacon)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 192.168.2.126:51888 -> 119.28.164.143:80 [proto: 7/HTTP][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: qzonestyle.gtimg.cn][URL: qzonestyle.gtimg.cn/qzone/openapi/qc-1.0.1.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /qzone/openapi/qc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 110 TCP 192.168.2.126:47230 <-> 
161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 110 TCP 192.168.2.126:47230 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/223 bytes <-> 1 pkts/330 bytes][Goodput ratio: 70/80][0.18 sec][Hostname/SNI: kankan.1kxun.mobi][URL: kankan.1kxun.mobi/api.domain.conf][StatusCode: 200][Content-Type: application/octet-stream][Server: openresty/1.13.6.1][User-Agent: okhttp/3.10.0][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /api.domain.conf HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][6 pkts/552 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][1.50 sec][Hostname/SNI: wpad][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 300/0 749/0 367/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 92/0 92/0 0/0][PLAIN TEXT ( FHFAEBEECACACACACACACACACACACA)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe 
Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/bad-dns-traffic.pcap.out b/tests/cfgs/default/result/bad-dns-traffic.pcap.out index a077f0098..0ed845c88 100644 --- a/tests/cfgs/default/result/bad-dns-traffic.pcap.out +++ b/tests/cfgs/default/result/bad-dns-traffic.pcap.out 
@@ -25,6 +25,6 @@ DNS 382 99374 3 Acceptable 382 99374 3 - 1 UDP 192.168.43.91:56354 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][203 pkts/51588 bytes <-> 146 pkts/43285 bytes][Goodput ratio: 83/86][92.47 sec][Hostname/SNI: c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org][::][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/15 482/284 1046/2080 456/471][Pkt Len c2s/s2c min/avg/max/stddev: 95/95 254/296 290/325 74/65][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: Long DNS host name / 244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (8244300)][Plen Bins: 0,5,5,0,0,0,0,50,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.43.91:35966 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][10 pkts/1125 bytes <-> 9 pkts/1293 bytes][Goodput ratio: 63/71][7.51 sec][Hostname/SNI: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 78/49 782/776 1050/1358 405/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 112/144 194/229 31/33][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: Long DNS host name / 05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (3620001636f)][Plen Bins: 0,36,47,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.43.91:46961 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][7 pkts/926 bytes <-> 7 pkts/1157 bytes][Goodput ratio: 68/75][3.49 sec][Hostname/SNI: 
a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 87/56 668/645 1019/1049 428/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 132/165 290/323 66/66][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 250][Risk Info: Long DNS host name / a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (da83510001636)][Plen Bins: 0,28,42,14,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.43.91:56354 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Network/14][203 pkts/51588 bytes <-> 146 pkts/43285 bytes][Goodput ratio: 83/86][92.47 sec][Hostname/SNI: c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org][::][bytes ratio: 0.088 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 6/15 482/284 1046/2080 456/471][Pkt Len c2s/s2c min/avg/max/stddev: 95/95 254/296 290/325 74/65][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 200][Risk Info: Long DNS host name / 244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (8244300)][Plen Bins: 0,5,5,0,0,0,0,50,39,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.43.91:35966 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][10 pkts/1125 bytes <-> 9 pkts/1293 bytes][Goodput ratio: 63/71][7.51 sec][Hostname/SNI: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 78/49 782/776 1050/1358 405/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 112/144 194/229 31/33][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 
200][Risk Info: Long DNS host name / 05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (3620001636f)][Plen Bins: 0,36,47,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.43.91:46961 <-> 4.2.2.4:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][7 pkts/926 bytes <-> 7 pkts/1157 bytes][Goodput ratio: 68/75][3.49 sec][Hostname/SNI: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org][::][bytes ratio: -0.111 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 87/56 668/645 1019/1049 428/481][Pkt Len c2s/s2c min/avg/max/stddev: 95/126 132/165 290/323 66/66][Risk: ** Susp DGA Domain name **** Susp DNS Traffic **** Risky Domain Name **][Risk Score: 200][Risk Info: Long DNS host name / a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org / DGA Name Query with no Error ][PLAIN TEXT (da83510001636)][Plen Bins: 0,28,42,14,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-exf.pcap.out b/tests/cfgs/default/result/dns-exf.pcap.out index e5baf5b8c..97101800e 100644 --- a/tests/cfgs/default/result/dns-exf.pcap.out +++ b/tests/cfgs/default/result/dns-exf.pcap.out 
@@ -25,4 +25,4 @@ DNS 2 342 1 Acceptable 2 342 1 - 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 210][Risk Info: Long DNS host name / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.2.225:45290 <-> 192.168.2.134:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/163 bytes <-> 1 pkts/179 bytes][Goodput ratio: 74/76][0.00 sec][Hostname/SNI: 4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt][::][Risk: ** Susp DNS Traffic **** Non-Printable/Invalid Chars Detected **** Minor Issues **][Risk Score: 160][Risk Info: Long DNS host name / DNS Record with zero TTL][PLAIN TEXT (sICN03)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out index 2463c5230..7dff1377a 100644 --- a/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out +++ b/tests/cfgs/default/result/dns-tunnel-iodine.pcap.out 
@@ -25,4 +25,4 @@ DNS 434 70252 1 Acceptable 434 70252 1 - 1 UDP 10.0.2.30:44639 <-> 10.0.2.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][222 pkts/26136 bytes <-> 212 pkts/44116 bytes][Goodput ratio: 64/80][24.49 sec][Hostname/SNI: vaaaakardli.pirate.sea][::][bytes ratio: -0.256 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/88 4005/4005 543/524][Pkt Len c2s/s2c min/avg/max/stddev: 82/93 118/208 323/1512 67/175][Risk: ** Susp DNS Traffic **** Minor Issues **][Risk Score: 110][Risk Info: DNS Record with zero TTL / Obsolete DNS record type][PLAIN TEXT (vaaaakardli)][Plen Bins: 0,40,1,15,29,3,0,1,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.0.2.30:44639 <-> 10.0.2.20:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][222 pkts/26136 bytes <-> 212 pkts/44116 bytes][Goodput ratio: 64/80][24.49 sec][Hostname/SNI: vaaaakardli.pirate.sea][::][bytes ratio: -0.256 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/88 4005/4005 543/524][Pkt Len c2s/s2c min/avg/max/stddev: 82/93 118/208 323/1512 67/175][Risk: ** Susp DNS Traffic **** Minor Issues **][Risk Score: 60][Risk Info: DNS Record with zero TTL / Obsolete DNS record type][PLAIN TEXT (vaaaakardli)][Plen Bins: 0,40,1,15,29,3,0,1,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dotenv.pcap.out b/tests/cfgs/default/result/dotenv.pcap.out index 0d20d7437..59c98567d 100644 --- a/tests/cfgs/default/result/dotenv.pcap.out +++ b/tests/cfgs/default/result/dotenv.pcap.out 
@@ -25,4 +25,4 @@ HTTP 10 993 1 Acceptable 10 993 1 - 1 TCP 192.168.2.198:51327 <-> 89.31.76.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/490 bytes <-> 4 pkts/503 bytes][Goodput ratio: 17/46][0.12 sec][Hostname/SNI: sevenpitaly.com][bytes ratio: -0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/22 45/43 20/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/126 148/297 30/99][URL: sevenpitaly.com/.env][StatusCode: 406][Content-Type: application/octet-stream][Server: openresty][User-Agent: curl/8.4.0][Risk: ** Possible Exploit Attempt **** Error Code **][Risk Score: 160][Risk Info: URL starting with dot / HTTP Error Code 406][PLAIN TEXT (GET /.env HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.2.198:51327 <-> 89.31.76.10:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/490 bytes <-> 4 pkts/503 bytes][Goodput ratio: 17/46][0.12 sec][Hostname/SNI: sevenpitaly.com][bytes ratio: -0.013 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/22 45/43 20/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 82/126 148/297 30/99][URL: sevenpitaly.com/.env][StatusCode: 406][Content-Type: application/octet-stream][Server: openresty][User-Agent: curl/8.4.0][Risk: ** Possible Exploit Attempt **** Error Code **** Binary file/data transfer (attempt) **][Risk Score: 210][Risk Info: URL starting with dot / HTTP Error Code 406 / Found binary mime octet-stream (attempt)][PLAIN TEXT (GET /.env HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index e89449a19..3455d47db 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out 
@@ -35,7 +35,7 @@ JA3 Host Stats: 1 TCP 10.3.29.101:56309 <-> 104.161.127.22:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][21 pkts/1592 bytes <-> 37 pkts/48623 bytes][Goodput ratio: 28/96][0.61 sec][Hostname/SNI: fkl.co.ke][bytes ratio: -0.937 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/7 204/204 57/36][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 76/1314 500/1415 95/343][URL: fkl.co.ke/wp-content/Elw3kPvOsZxM5/][StatusCode: 200][Content-Type: text/html][Server: LiteSpeed][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Edg/99.0.1150.55][PLAIN TEXT (GET /wp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,95,0,0,0,0,0] 2 TCP 10.2.25.102:57309 <-> 193.252.22.84:587 [proto: 3/SMTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 19][cat: Email/3][23 pkts/16752 bytes <-> 27 pkts/1853 bytes][Goodput ratio: 93/21][8.35 sec][Hostname/SNI: opmta1mto02nd1][bytes ratio: 0.801 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 276/345 1205/3054 406/694][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 728/69 1514/214 702/33][PLAIN TEXT (220 opmta)][Plen Bins: 31,27,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **][Risk Score: 
250][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Found mime exe x-msdownload][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] - 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **][Risk Score: 150][Risk Info: Found mime exe x-msdownload][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] + 3 TCP 10.4.25.101:49797 <-> 77.105.36.156:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][5 pkts/452 bytes <-> 10 pkts/10518 bytes][Goodput ratio: 34/95][0.48 sec][Hostname/SNI: filmmogzivota.rs][bytes ratio: -0.918 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 159/37 292/171 121/64][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 90/1052 206/1442 58/553][URL: filmmogzivota.rs/SpryAssets/gDR/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: vBKbaQgjyvRRbcgfvlsc][Filename: TfBXbg6gEAqeHioMEKOtCAAn73.dll][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** Binary file/data transfer (attempt) **][Risk Score: 300][Risk Info: UA vBKbaQgjyvRRbcgfvlsc / Found mime exe x-msdownload / File download TfBXbg6gEAqeHioMEKOtCAAn73.dll][PLAIN TEXT (GET /SpryAssets/gDR/ HTTP/1.1)][Plen Bins: 
0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,66,0,0,0,0] + 4 TCP 10.4.20.102:54319 <-> 107.161.178.210:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][7 pkts/645 bytes <-> 7 pkts/8714 bytes][Goodput ratio: 35/96][0.38 sec][Hostname/SNI: gandhitoday.org][bytes ratio: -0.862 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/54 260/260 100/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/62 92/1245 279/1442 76/483][URL: gandhitoday.org/video/6JvA8/][StatusCode: 200][Content-Type: application/x-msdownload][Server: Apache][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko][Filename: EGh7x6aKN3ILP.dll][Risk: ** Binary App Transfer **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: Found mime exe x-msdownload / File download EGh7x6aKN3ILP.dll][PLAIN TEXT (GET /video/6J)][Plen Bins: 0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,85,0,0,0,0] 5 TCP 10.4.25.101:49803 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][7 pkts/1130 bytes <-> 8 pkts/6240 bytes][Goodput ratio: 64/93][1.65 sec][bytes ratio: -0.693 (Download)][IAT c2s/s2c min/avg/max/stddev: 14/0 75/231 122/1117 39/400][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 161/780 534/1442 161/663][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. 
**][Risk Score: 210][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN / C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: ec74a5c51106f0419184d0dd08fb05bc][Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com][Certificate SHA-1: 43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93][Firefox][Validity: 2022-04-21 10:08:46 - 2023-04-21 10:08:46][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0] 6 TCP 10.4.25.101:49804 <-> 138.197.147.101:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/1517 bytes <-> 7 pkts/1208 bytes][Goodput ratio: 61/66][48.61 sec][bytes ratio: 0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5997/806 44782/3012 14692/1274][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 152/173 607/714 179/224][Risk: ** TLS (probably) Not Carrying HTTPS **** Missing SNI TLS Extn **** Malicious JA3 Fingerp. **][Risk Score: 110][Risk Info: 51c64c77e60f3980eea90869b68c58a8 / No ALPN][TLSv1.2][JA3C: 51c64c77e60f3980eea90869b68c58a8][JA4: t12d190600_d83cc789557e_2dae41c691ec][JA3S: fd4bc6cea4877646ccd62f0792ec0b62][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,16,0,0,0,0,0,0,16,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/exe_download.pcap.out b/tests/cfgs/default/result/exe_download.pcap.out index 4455afbac..19fa719cf 100644 --- a/tests/cfgs/default/result/exe_download.pcap.out +++ b/tests/cfgs/default/result/exe_download.pcap.out 
@@ -25,4 +25,4 @@ HTTP 20 14869 1 Acceptable 20 14869 1 - 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/597 bytes <-> 12 pkts/14272 bytes][Goodput ratio: 26/95][0.76 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/33 319/298 134/89][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/1189 207/1514 50/510][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **][Risk Score: 310][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Obsolete nginx server 1.10.3 / Found file extn exe][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen Bins: 0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,54,0,0,18,0,0] + 1 TCP 10.9.25.101:49165 <-> 144.91.69.195:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/597 bytes <-> 12 pkts/14272 bytes][Goodput ratio: 26/95][0.76 sec][Hostname/SNI: 144.91.69.195][bytes ratio: -0.920 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 125/33 319/298 134/89][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/1189 207/1514 50/510][URL: 144.91.69.195/solar.php][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx/1.10.3][User-Agent: pwtyyEKzNtGatwnJjmCcBLbOveCVpc][Filename: phn34ycjtghm.exe][Risk: ** Binary App Transfer **** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Obsolete Server **** Binary file/data transfer (attempt) **][Risk Score: 360][Risk Info: Found host 144.91.69.195 / UA pwtyyEKzNtGatwnJjmCcBLbOveCVpc / Obsolete nginx server 1.10.3 / Found binary mime octet-stream /][PLAIN TEXT (GET /solar.php HTTP/1.1)][Plen 
Bins: 0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,54,0,0,18,0,0] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 8e1a0f92c..f19bca741 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out 
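Review bot: The new Risk Info on the added flow ends with `Found binary mime octet-stream /` — a trailing separator with nothing after it — where the old line carried `Found file extn exe`. The regenerated expectation therefore bakes in both a malformed risk-info string and the loss of the file-extension evidence: the `.exe` name is still printed under `[Filename: …]`, but the risk info no longer says that the extension contributed to the flag. I would expect the join to skip empty components, or the extension message to be kept alongside the mime one, before this output is accepted; as committed, the test guards the defect rather than the intended behaviour.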
@@ -64,7 +64,7 @@ JA3 Host Stats: 7 TCP 10.0.2.15:50330 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][9 pkts/1011 bytes <-> 12 pkts/11017 bytes][Goodput ratio: 51/94][3.38 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 388/240 1119/1115 493/448][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 112/918 567/1514 161/644][URL: 69.118.162.229:46906/gnutella/thex/v1?urn:tree:tiger/:3WMUS6WM2ZC7XIPRQDKXWHHJRV4IKYC4OX4ELCA&depth=9&ed2k=1][StatusCode: 200][Content-Type: application/dime][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **][Risk Score: 70][Risk Info: Found host 69.118.162.229][PLAIN TEXT (GET /gnutella/thex/v1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0,55,0,0] 8 TCP 10.0.2.15:50248 <-> 109.214.154.216:6346 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][45 pkts/3196 bytes <-> 54 pkts/8256 bytes][Goodput ratio: 24/65][522.53 sec][bytes ratio: -0.442 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/1 12254/10032 54436/54424 15860/15019][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 71/153 358/1078 50/183][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 56,1,12,5,3,1,1,7,3,1,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 9 TCP 10.0.2.15:50249 <-> 86.208.180.181:45883 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][43 pkts/3087 bytes <-> 47 pkts/7704 bytes][Goodput ratio: 24/67][522.17 sec][bytes ratio: -0.428 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 11973/13240 47909/55396 14672/15777][Pkt Len c2s/s2c 
min/avg/max/stddev: 54/54 72/164 357/1119 51/213][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (GNUTELLA CONNECT/0.6)][Plen Bins: 57,0,4,6,4,4,4,2,6,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **][Risk Score: 70][Risk Info: Found host 69.118.162.229][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] + 10 TCP 10.0.2.15:50327 <-> 69.118.162.229:46906 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][5 pkts/815 bytes <-> 7 pkts/5620 bytes][Goodput ratio: 65/93][1.25 sec][Hostname/SNI: 69.118.162.229][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 416/228 1138/1123 513/447][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/803 587/1514 212/666][URL: 69.118.162.229:46906/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known 
Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Binary file/data transfer (attempt) **][Risk Score: 120][Risk Info: Found host 69.118.162.229 / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0] 11 UDP 10.0.2.15:28681 <-> 80.61.221.246:30577 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5195 bytes][Goodput ratio: 68/93][197.38 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 39/35 26439/26440 107210/107216 34356/34358][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 132/577 274/769 53/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,33,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 UDP 10.0.2.15:28681 <-> 193.37.255.130:61616 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1185 bytes <-> 9 pkts/5176 bytes][Goodput ratio: 68/93][197.67 sec][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 127/126 26488/26488 107228/107229 34539/34539][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 132/575 274/769 53/277][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 5,5,39,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 UDP 10.0.2.15:28681 <-> 103.232.107.100:43508 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][9 pkts/1157 bytes <-> 8 pkts/4890 bytes][Goodput ratio: 67/93][230.22 sec][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 4875/4875 31136/30836 107031/107033 32420/35010][Pkt Len c2s/s2c min/avg/max/stddev: 70/128 129/611 
274/769 56/273][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 11,0,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
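Review bot: The added risk info on flow 10 reads `File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).` — the `mp3` extension is cut off, while the `[Filename: …]` field on the same line shows the full name. That looks like the risk-info text being truncated to a fixed length (the shorter `.dll` names in the emotet hunk survive intact), which loses the part of a binary-transfer indicator that a detection engineer most needs. The same truncated string appears on flow 31 in the next hunk of this file. Worth confirming whether a size limit in the risk-info formatting is responsible and, if so, keeping the extension when shortening, before regenerating these expected outputs.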
@@ -85,7 +85,7 @@ JA3 Host Stats: 28 UDP 10.0.2.15:28681 <-> 45.31.152.112:26851 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][186.46 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 7100/7142 19000/19000 44374/44331 14989/14962][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 UDP 10.0.2.15:28681 <-> 96.65.68.194:35481 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/836 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 70/93][197.61 sec][bytes ratio: -0.588 (Download)][IAT c2s/s2c min/avg/max/stddev: 5017/5014 21044/21044 46304/46310 15712/15715][Pkt Len c2s/s2c min/avg/max/stddev: 70/148 139/645 274/769 63/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 9,0,36,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 30 UDP 10.0.2.15:28681 <-> 181.84.178.16:60262 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/766 bytes <-> 5 pkts/3224 bytes][Goodput ratio: 72/93][84.70 sec][bytes ratio: -0.616 (Download)][IAT c2s/s2c min/avg/max/stddev: 5114/5194 21079/21064 46304/46263 15704/15629][Pkt Len c2s/s2c min/avg/max/stddev: 123/148 153/645 274/769 60/248][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (client)][Plen Bins: 0,0,40,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI 
packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **][Risk Score: 70][Risk Info: Found host 189.147.72.83][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] + 31 TCP 10.0.2.15:50328 <-> 189.147.72.83:26108 [proto: 7.35/HTTP.Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Media/1][4 pkts/766 bytes <-> 5 pkts/2826 bytes][Goodput ratio: 70/90][1.41 sec][Hostname/SNI: 189.147.72.83][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 470/304 1214/1208 532/522][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 192/565 592/1514 231/558][URL: 189.147.72.83:26108/uri-res/N2R?urn:sha1:LXIP2A72T5H3BU3GRUMZFYNU3OYDK6FI][StatusCode: 206][Content-Type: audio/mpeg][Server: Shareaza 2.7.10.2][User-Agent: gtk-gnutella/1.2.2 (2022-02-25; GTK2; Windows x64)][Filename: Nickelback%20-%20Hero%20(Spiderman%20soundtrack).mp3][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Unsafe Protocol **** Binary file/data transfer (attempt) **][Risk Score: 120][Risk Info: Found host 189.147.72.83 / File download Nickelback%20-%20Hero%20(Spiderman%20soundtrack).][PLAIN TEXT (GET /uri)][Plen Bins: 0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] 32 UDP 10.0.2.15:28681 <-> 80.7.252.192:6888 
[proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][6 pkts/844 bytes <-> 5 pkts/2741 bytes][Goodput ratio: 70/92][170.75 sec][bytes ratio: -0.529 (Download)][IAT c2s/s2c min/avg/max/stddev: 1605/1482 42670/42669 111028/111025 42886/42893][Pkt Len c2s/s2c min/avg/max/stddev: 98/148 141/548 274/769 61/274][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (.LGTKG)][Plen Bins: 0,18,27,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 33 UDP 10.0.2.15:28681 <-> 94.54.66.82:63637 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2722 bytes][Goodput ratio: 61/92][192.07 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 168/360 47931/46734 147616/141167 58240/55279][Pkt Len c2s/s2c min/avg/max/stddev: 70/130 107/544 123/769 21/279][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 34 UDP 10.0.2.15:28681 <-> 96.236.205.7:34794 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][5 pkts/537 bytes <-> 5 pkts/2721 bytes][Goodput ratio: 61/92][191.79 sec][bytes ratio: -0.670 (Download)][IAT c2s/s2c min/avg/max/stddev: 123/120 47920/47919 147559/147561 58219/58220][Pkt Len c2s/s2c min/avg/max/stddev: 70/129 107/544 123/769 21/280][Risk: ** Unsafe Protocol **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (u.GTKG)][Plen Bins: 10,10,40,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/netflix.pcap.out b/tests/cfgs/default/result/netflix.pcap.out index 045d886e2..b5a0042f4 100644 --- a/tests/cfgs/default/result/netflix.pcap.out 
+++ b/tests/cfgs/default/result/netflix.pcap.out 
@@ -42,29 +42,29 @@ JA3 Host Stats: 1 192.168.1.7 4 - 1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.3.140][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 1 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1868 bytes <-> 34 pkts/45139 bytes][Goodput ratio: 19/95][2.09 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.921 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/2 70/47 708/633 171/121][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/1328 420/1514 75/457][URL: 23.246.3.140/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.3.140 / Found binary mime octet-stream][PLAIN 
TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 2 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][31 pkts/2893 bytes <-> 32 pkts/44112 bytes][Goodput ratio: 17/95][42.46 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.877 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 425/43 3643/161 850/35][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 93/1378 312/1514 59/421][URL: art-2.nflximg.net/af7a5/362643424e775d0393ddb46e145c2375367af7a5.webp][StatusCode: 200][Content-Type: image/webp][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /af)][Plen Bins: 0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] - 3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.145][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] + 3 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 
5][cat: Download/7][21 pkts/1826 bytes <-> 32 pkts/43179 bytes][Goodput ratio: 19/95][1.58 sec][Hostname/SNI: 23.246.11.145][bytes ratio: -0.919 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 53/52 354/582 87/111][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/1349 422/1514 75/443][URL: 23.246.11.145/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=39307082][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.145 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0] 4 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][30 pkts/6328 bytes <-> 39 pkts/37610 bytes][Goodput ratio: 69/93][38.50 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1640/1232 30390/30443 6288/5475][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 211/964 1514/1514 376/637][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: 
FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,5,5,0,2,2,5,0,0,0,0,0,0,0,2,2,0,0,0,2,0,2,0,0,0,0,0,0,0,2,5,0,0,0,0,0,0,0,0,0,0,0,2,0,0,57,0,0] 5 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][12 pkts/1221 bytes <-> 29 pkts/41018 bytes][Goodput ratio: 20/95][1.39 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.942 (Download)][IAT c2s/s2c min/avg/max/stddev: 11/0 28/35 45/81 10/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 102/1414 311/1514 64/366][URL: art-1.nflximg.net/8b1fa/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /8b)][Plen Bins: 0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] - 6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (czGET /range/0)][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] + 6 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2596 bytes <-> 29 pkts/37544 bytes][Goodput ratio: 14/95][7.33 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.871 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 267/77 1392/465 372/115][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1295 424/1514 63/489][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=114897][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (czGET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0] 7 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][16 pkts/1558 bytes <-> 25 pkts/33413 bytes][Goodput ratio: 31/95][2.07 sec][Hostname/SNI: art-1.nflximg.net][bytes ratio: -0.911 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 166/94 1389/1416 394/300][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 97/1337 311/1514 81/428][URL: art-1.nflximg.net/4e36d/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /4e)][Plen Bins: 0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] 8 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][IP: 
265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 10][cat: Video/26][15 pkts/3626 bytes <-> 26 pkts/29544 bytes][Goodput ratio: 72/94][31.31 sec][Hostname/SNI: appboot.netflix.com][bytes ratio: -0.781 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3092/21 30728/135 9212/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 242/1136 1514/1514 405/584][URL: appboot.netflix.com/appboot/NFAPPL-02-][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/x-msl+json][Server: appboot-:7001 i-0b273b4c40f4e78a3][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /appboot/NFAPPL)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,75,0,0] - 9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 
23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.133][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] - 11 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] + 9 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][33 pkts/2732 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 13/94][7.16 
sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.833 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 254/199 1162/1131 295/282][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1203 424/1514 61/564][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=420981][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 10 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][24 pkts/2041 bytes <-> 25 pkts/30064 bytes][Goodput ratio: 17/94][5.93 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.873 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/4 245/165 985/775 248/180][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85/1203 423/1514 71/564][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 4,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0] + 11 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 
[proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][31 pkts/2571 bytes <-> 22 pkts/28042 bytes][Goodput ratio: 14/95][7.15 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.832 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/4 265/326 1355/1382 337/387][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1275 423/1514 62/517][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0] 12 TCP 192.168.1.7:53239 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][22 pkts/6384 bytes <-> 26 pkts/23277 bytes][Goodput ratio: 77/93][1.73 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.570 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/42 437/291 101/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 290/895 1514/1514 442/626][TLSv1.2][JA3C: d8bfad189bd26664e04570c104ee8418][JA4: t12d1910h2_b5dc49c6fcca_f44caba5725b][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., 
OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,10,3,0,0,0,3,0,0,0,0,0,3,6,0,0,3,0,0,3,0,3,0,3,0,0,0,0,0,0,3,0,3,0,0,0,0,0,0,0,0,0,0,3,0,47,0,0] - 13 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] - 14 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 
23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 15 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] - 16 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 
423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0] + 13 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][32 pkts/2572 bytes <-> 23 pkts/26661 bytes][Goodput ratio: 14/94][7.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.824 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/271 635/1046 213/317][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 80/1159 426/1514 62/603][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (fGET /range/0)][Plen Bins: 0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,80,0,0] + 14 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][36 pkts/3030 bytes <-> 21 pkts/25455 bytes][Goodput ratio: 12/95][8.05 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.787 (Download)][IAT c2s/s2c 
min/avg/max/stddev: 5/4 258/237 1250/1203 331/381][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 424/1514 58/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=413473][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
+ 15 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2864 bytes <-> 21 pkts/25456 bytes][Goodput ratio: 13/95][5.76 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.798 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/223 1162/1317 246/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 84/1212 426/1514 60/551][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
+ 16 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2553 bytes <-> 22 pkts/25510 bytes][Goodput ratio: 14/94][7.56 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.818 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/4 298/146 1317/530 354/131][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1160 423/1514 63/590][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
 17 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][28 pkts/22704 bytes <-> 17 pkts/5248 bytes][Goodput ratio: 92/78][32.21 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.624 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/84 332/331 94/95][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 811/309 1514/1514 700/493][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,8,4,0,0,4,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,0,0]
 18 TCP 192.168.1.7:53249 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][25 pkts/5934 bytes <-> 27 pkts/19952 bytes][Goodput ratio: 72/91][0.86 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.542 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/33 266/316 64/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 237/739 1514/1514 407/542][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 3,3,0,0,3,3,3,0,0,0,0,3,0,3,3,7,0,0,7,7,3,3,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,30,0,0]
- 19 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
- 20 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
- 21 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][12 pkts/1831 bytes <-> 18 pkts/23224 bytes][Goodput ratio: 56/95][0.40 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/22 30/71 10/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 153/1290 584/1514 191/435][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0]
- 22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.133][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
- 23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.3.140][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0]
+ 19 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][35 pkts/2920 bytes <-> 19 pkts/22428 bytes][Goodput ratio: 12/94][7.38 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.770 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/0 222/250 636/1132 227/337][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/1180 424/1514 59/570][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=134564][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
+ 20 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][34 pkts/2879 bytes <-> 20 pkts/22373 bytes][Goodput ratio: 12/94][8.26 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.772 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 238/289 1152/1208 301/406][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 85/1119 425/1514 60/614][URL: 23.246.11.141/range/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=1294][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
+ 21 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][12 pkts/1831 bytes <-> 18 pkts/23224 bytes][Goodput ratio: 56/95][0.40 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.854 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/22 30/71 10/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 153/1290 584/1514 191/435][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,74,0,0]
+ 22 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][30 pkts/2610 bytes <-> 20 pkts/22422 bytes][Goodput ratio: 14/94][7.09 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.791 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 255/290 811/1178 267/325][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 87/1121 424/1514 63/611][URL: 23.246.11.133/range/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=247333][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,84,0,0]
+ 23 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][17 pkts/2227 bytes <-> 16 pkts/20481 bytes][Goodput ratio: 46/95][2.05 sec][Hostname/SNI: 23.246.3.140][bytes ratio: -0.804 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/5 143/82 730/279 218/83][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 131/1280 578/1514 162/436][URL: 23.246.3.140/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.3.140 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,5,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,73,0,0]
 24 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][22 pkts/10686 bytes <-> 16 pkts/7850 bytes][Goodput ratio: 86/86][0.92 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 46/54 282/127 72/35][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 486/491 1514/1514 603/610][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 10,15,0,5,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,5,0,0,0,5,0,0,0,0,0,0,5,37,0,0]
 25 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][6 pkts/636 bytes <-> 13 pkts/16794 bytes][Goodput ratio: 34/95][0.87 sec][Hostname/SNI: tp.akam.nflximg.com][bytes ratio: -0.927 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/27 41/71 80/192 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1292 282/1514 79/521][URL: tp.akam.nflximg.com/tpa3/616/2041779616.bif][StatusCode: 200][Content-Type: text/plain][Server: Apache][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][Risk: ** HTTP Susp Content **][Risk Score: 100][Risk Info: Susp content 89424946][PLAIN TEXT (GET /tpa3/616/2041779616.bif HT)][Plen Bins: 0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,91,0,0]
 26 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 12][cat: Video/26][14 pkts/10001 bytes <-> 13 pkts/6504 bytes][Goodput ratio: 91/87][31.72 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.212 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/5 2877/42 31088/123 8921/33][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 714/500 1514/1514 676/651][URL: api-global.netflix.com/msl/nrdjs/2.1.2][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Argo/900 CFNetwork/808.2.16 Darwin/16.3.0][PLAIN TEXT (POST /msl/nrdjs/2.1.2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,9,0,0,0,0,72,0,0]
@@ -73,9 +73,9 @@ JA3 Host Stats:
 29 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][10 pkts/941 bytes <-> 11 pkts/12318 bytes][Goodput ratio: 26/94][32.06 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4565/34 30963/63 10780/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 94/1120 311/1514 72/644][URL: art-2.nflximg.net/87b33/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /87)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
 30 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Video/26][6 pkts/653 bytes <-> 10 pkts/12252 bytes][Goodput ratio: 37/95][0.33 sec][Hostname/SNI: art-2.nflximg.net][bytes ratio: -0.899 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/13 43/34 101/70 35/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 109/1225 311/1514 91/578][URL: art-2.nflximg.net/5758c/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Argo/9.1.0 (iPhone; iOS 10.2; Scale/2.00)][PLAIN TEXT (GET /5758)][Plen Bins: 0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]
 31 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][20 pkts/7639 bytes <-> 16 pkts/5235 bytes][Goodput ratio: 83/80][30.85 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1923/16 30431/72 7361/24][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 382/327 1514/1514 559/501][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,24,5,0,0,5,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,31,0,0]
- 32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.141][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0]
+ 32 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][9 pkts/1658 bytes <-> 10 pkts/11113 bytes][Goodput ratio: 62/94][0.68 sec][Hostname/SNI: 23.246.11.141][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/5 73/76 356/206 117/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 184/1111 581/1514 211/518][URL: 23.246.11.141/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.141 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL2)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,9,9,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0]
 33 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][19 pkts/7588 bytes <-> 15 pkts/5140 bytes][Goodput ratio: 83/81][30.38 sec][Hostname/SNI: ichnaea.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.192 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 2017/14 30033/55 7488/20][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 399/343 1514/1514 569/514][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,18,6,0,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,31,0,0]
- 34 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][8 pkts/1564 bytes <-> 9 pkts/9556 bytes][Goodput ratio: 65/94][0.27 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/5 26/29 45/41 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 196/1062 581/1514 221/531][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.11.133][PLAIN TEXT (oMrLRiWL1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
+ 34 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][8 pkts/1564 bytes <-> 9 pkts/9556 bytes][Goodput ratio: 65/94][0.27 sec][Hostname/SNI: 23.246.11.133][bytes ratio: -0.719 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/5 26/29 45/41 14/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 196/1062 581/1514 221/531][URL: 23.246.11.133/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: AppleCoreMedia/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.11.133 / Found binary mime octet-stream][PLAIN TEXT (oMrLRiWL1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,10,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
 35 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][17 pkts/5528 bytes <-> 14 pkts/5406 bytes][Goodput ratio: 80/83][3.15 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/303 2449/2522 645/743][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 325/386 1514/1514 478/534][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 13,21,6,6,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,6,0,0,0,0,21,0,0]
 36 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][11 pkts/3220 bytes <-> 11 pkts/7133 bytes][Goodput ratio: 77/90][0.34 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/29 75/67 27/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/648 1514/1514 432/662][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,7,0,0,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
 37 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][Goodput ratio: 84/87][0.34 sec][Hostname/SNI: ios.nccp.netflix.com][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/31 85/65 31/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/507 1514/1514 533/591][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][JA4: t12d910600_383454ac02f4_8587f467d9ea][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,8,0,0,0,0,0,25,0,0]
@@ -85,7 +85,7 @@ JA3 Host Stats:
 41 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0]
 42 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 7][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][Hostname/SNI: api-global.netflix.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
 43 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/TLS.NetFlix][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 9][cat: Video/26][19 pkts/2356 bytes <-> 8 pkts/4069 bytes][Goodput ratio: 46/87][0.12 sec][Hostname/SNI: art-s.nflximg.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.267 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/7 26/21 9/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/509 293/1514 58/602][TLSv1.2][JA3C: c07cb55f88702033a8f52c046d23e0b2][JA4: t12d1909h2_b5dc49c6fcca_2cdefc264be7][ServerNames: secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net][JA3S: ef6b224ce027c8e21e5a25d8a58255a3][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net][Certificate SHA-1: 0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26][Firefox][Validity: 2016-04-06 00:00:00 - 2017-04-05 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,28,39,0,5,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
- 44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 23.246.10.139][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0]
+ 44 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7/HTTP][IP: 133/NetFlix][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][5 pkts/698 bytes <-> 5 pkts/5198 bytes][Goodput ratio: 51/93][0.08 sec][Hostname/SNI: 23.246.10.139][bytes ratio: -0.763 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/1 18/14 35/35 11/13][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 140/1040 422/1514 141/603][URL: 23.246.10.139/range/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=34073607][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: netflix-ios-app][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 23.246.10.139 / Found binary mime octet-stream][PLAIN TEXT (GET /range/0)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0]
 45 TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
 46 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][Hostname/SNI: api-global.netflix.com][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: 7e72698146290dd68239f788a452e7d8][JA4: t12d190700_b5dc49c6fcca_3304d8368043][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 47 UDP 192.168.1.7:53776 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][16 pkts/2648 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][79.13 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 105/0 4588/0 14907/0 6547/0][Pkt Len c2s/s2c min/avg/max/stddev: 164/0 166/0 167/0 2/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out
index fc5625a2e..d329d2a36 100644
--- a/tests/cfgs/default/result/pps.pcap.out
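Review bot: The regenerated expectation for flow 44 still prints the risk as `Binary file/data transfer (attempt)` although the commit message says NDPI_BINARY_TRANSFER_ATTEMPT was folded into NDPI_BINARY_DATA_TRANSFER, and the flow itself shows a completed `StatusCode: 200` response of 5198 bytes, so "attempt" no longer describes what was observed; if the risk description string was meant to follow the rename, these baselines will need another regeneration. The same wording appears in flows 15, 16, 19-23, 32 and 34 of the earlier hunks in this file. Separately, every Netflix CDN range download here (numeric host, `Content-Type: application/octet-stream`) jumps from score 10 to 60 on the declared MIME type alone, as `Risk Info: Found binary mime octet-stream` shows, which is worth one line in the risk documentation so operators know the score reflects the header, not inspected content.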
+++ b/tests/cfgs/default/result/pps.pcap.out 
@@ -39,15 +39,15 @@ Fun 56 36585 20 Unrated 618 227656 29 1 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Goodput ratio: 87/96][0.02 sec][Hostname/SNI: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426/1303 426/1314 0/56][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 223.26.106.66][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,93,0,0,0,0,0,0,0,0] - 2 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 9][cat: Download/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 95/96][13.04 sec][Hostname/SNI: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2][StatusCode: 200][Req Content-Type: application/x-enc][Content-Type: application/octet-stream][Server: nginx/1.8.0][User-Agent: {D699054D-1699-47D2-9B2B-E96F438C1160}][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **][Risk Score: 150][Risk Info: Suspicious Log4J / Obsolete nginx server 1.8.0][PLAIN TEXT (POST /bc2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,75,0,0,0,0,0,0,0,0] + 2 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 9][cat: Download/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Goodput ratio: 
95/96][13.04 sec][Hostname/SNI: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/0 307/0 127/0][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002/1239 1314/1314 434/215][URL: bcu.ff.avast.com/bc2][StatusCode: 200][Req Content-Type: application/x-enc][Content-Type: application/octet-stream][Server: nginx/1.8.0][User-Agent: {D699054D-1699-47D2-9B2B-E96F438C1160}][Risk: ** HTTP Susp User-Agent **** HTTP Obsolete Server **** Binary file/data transfer (attempt) **][Risk Score: 200][Risk Info: Suspicious Log4J / Obsolete nginx server 1.8.0 / Found binary mime octet-stream][PLAIN TEXT (POST /bc2 HTTP/1.1)][Plen Bins: 0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,4,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,75,0,0,0,0,0,0,0,0] 3 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/303 bytes <-> 9 pkts/11826 bytes][Goodput ratio: 82/96][0.09 sec][Hostname/SNI: preimage1.qiyipic.com][bytes ratio: -0.950 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/4 0/30 0/10][Pkt Len c2s/s2c min/avg/max/stddev: 303/1314 303/1314 303/1314 0/0][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_1.jpg?no=1][StatusCode: 200][Content-Type: image/jpeg][Server: QWS][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,90,0,0,0,0,0,0,0,0] 4 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][6.36 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 393/0 2654/0 855/0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518/0 553/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 5 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/303 bytes <-> 4 pkts/5256 bytes][Goodput ratio: 82/96][0.06 sec][Hostname/SNI: preimage1.qiyipic.com][URL: preimage1.qiyipic.com/preimage/20160506/f0/1f/v_110359998_m_611_160_90_2.jpg?no=2][StatusCode: 200][Content-Type: image/jpeg][Server: QWS][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /preimage/20160506/f0/1)][Plen Bins: 0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0,0,0,0,0,0,0] - 6 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/400 bytes <-> 4 pkts/4508 bytes][Goodput ratio: 73/95][0.04 sec][Hostname/SNI: static.qiyi.com][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35/12 35/35 0/16][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200/1127 202/1314 2/324][URL: static.qiyi.com/ext/common/qisu2/downloader.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: Downloader][PLAIN TEXT (GET /ext/common/qisu2/downloade)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] + 6 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/400 bytes <-> 4 pkts/4508 bytes][Goodput ratio: 73/95][0.04 sec][Hostname/SNI: static.qiyi.com][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35/12 35/35 0/16][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200/1127 202/1314 2/324][URL: static.qiyi.com/ext/common/qisu2/downloader.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: Downloader][Risk: ** Binary file/data transfer (attempt) 
**][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/downloade)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Goodput ratio: 92/94][0.04 sec][Hostname/SNI: cache.video.iqiyi.com][URL: cache.video.iqiyi.com/vi/500494600/562e26caed5695900212eb3259070f8a/?src=1_11_114][StatusCode: 200][Content-Type: text/html][Server: nginx][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (GET /vi/500494600/562)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Goodput ratio: 94/73][0.55 sec][Hostname/SNI: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216/217 315/316 99/99][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948/199 952/199 3/0][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 
0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 5][cat: Cybersecurity/33][4 pkts/2953 bytes <-> 1 pkts/356 bytes][Goodput ratio: 93/85][0.24 sec][Hostname/SNI: su.ff.avast.com][URL: su.ff.avast.com/R/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=][Req Content-Type: application/octet-stream][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Goodput ratio: 73/90][0.09 sec][Hostname/SNI: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 27/27 34/35 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200/528 202/530 2/2][URL: static.qiyi.com/ext/common/qisu2/masauto.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masauto_runxx][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.283/HTTP.Cybersec][IP: 307/AVAST][ClearText][Confidence: DPI][DPI packets: 5][cat: Cybersecurity/33][4 pkts/2953 bytes <-> 1 pkts/356 bytes][Goodput ratio: 93/85][0.24 sec][Hostname/SNI: su.ff.avast.com][URL: su.ff.avast.com/R/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=][Req Content-Type: 
application/octet-stream][Risk: ** HTTP Susp User-Agent **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,20,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0] + 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Goodput ratio: 73/90][0.09 sec][Hostname/SNI: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 27/27 34/35 6/7][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200/528 202/530 2/2][URL: static.qiyi.com/ext/common/qisu2/masauto.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masauto_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Goodput ratio: 82/95][0.06 sec][Hostname/SNI: meta.video.qiyi.com][URL: meta.video.qiyi.com/20160625/a5/bf/413f91ad101e780a6b63f826e28b9920.xml][StatusCode: 200][Content-Type: text/xml][Server: QWS][User-Agent: QY-Player-Windows/2.0.102][PLAIN TEXT (GET /20160625/a)][Plen Bins: 0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0] 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Goodput ratio: 94/73][2.78 sec][Hostname/SNI: msg.71.am][URL: 
msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][7.29 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -59,11 +59,11 @@ Unrated 618 227656 29 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Goodput ratio: 92/93][0.12 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/clk?53e25e33e064c657c06b558e5c3c33fd][StatusCode: 302][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /clk)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Goodput ratio: 86/89][0.28 sec][Hostname/SNI: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/2efc8cd5fbe0f4ee498fb1c2fc1de8b6/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012][StatusCode: 200][Content-Type: text/plain][Server: nginx/1.9.4][User-Agent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.9.4][PLAIN TEXT (GET /2efc)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,33,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.09 sec][Hostname/SNI: msg.iqiyi.com][URL: 
msg.iqiyi.com/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0] - 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Download/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Hostname/SNI: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 223.26.106.66][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Download/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Goodput ratio: 88/88][2.24 sec][Hostname/SNI: 223.26.106.66][URL: 223.26.106.66/videos/v0/20160625/a5/bf/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b][StatusCode: 200][Content-Type: application/octet-stream][Server: nginx][User-Agent: 
HCDNClient_WINPC;libcurl/7.26.0 OpenSSL/1.0.1g zlib/1.2.5;QK/10.0.0.293][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 223.26.106.66 / Found binary mime octet-stream][PLAIN TEXT (GET /videos/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,33,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Goodput ratio: 95/62][0.10 sec][Hostname/SNI: click.hm.baidu.com][URL: click.hm.baidu.com/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0][StatusCode: 204][Content-Type: image/gif][Server: apache][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][PLAIN TEXT (GET /mkt.gif)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Goodput ratio: 95/73][0.78 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A//vodguide.pps.iqiyi.com/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26b][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 25 TCP 192.168.115.8:50474 
<-> 202.108.14.221:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Goodput ratio: 95/72][0.05 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=2265][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Goodput ratio: 74/95][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: DownloadHelper_runxx][PLAIN TEXT (GET /ext/common/qisu2/downloadh)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Goodput ratio: 74/95][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/downloadhelper.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: DownloadHelper_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk 
Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/downloadh)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.16 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.09 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk 
Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Goodput ratio: 94/73][0.06 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /cp)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -88,17 +88,17 @@ Unrated 618 227656 29 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Goodput ratio: 91/73][0.13 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Goodput ratio: 90/73][0.15 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Goodput ratio: 88/81][0.09 sec][Hostname/SNI: cmc.tanx.com][URL: 
cmc.tanx.com/andc?andc_uid=6693851615885049011&andc_ver=1][StatusCode: 200][Content-Type: image/gif][Server: Tengine][User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)][PLAIN TEXT (GET /andc)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masblog_runxx][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/526 bytes][Goodput ratio: 72/90][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masblog.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masblog_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Goodput ratio: 80/83][0.22 sec][Hostname/SNI: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/composite/app.php/Global/Index/ip][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: 
** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/composite/ap)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/163 bytes <-> 2 pkts/557 bytes][Goodput ratio: 66/80][0.09 sec][Hostname/SNI: iplocation.geo.qiyi.com][URL: iplocation.geo.qiyi.com/cityjson][StatusCode: 200][Content-Type: charset=utf-8][Server: openresty][User-Agent: QYAgent_runxx][PLAIN TEXT (GET /cityjson HTTP/1.1)][Plen Bins: 33,0,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Goodput ratio: 79/83][0.21 sec][Hostname/SNI: api.magicansoft.com][URL: api.magicansoft.com/comMagicanApi/index.php/ToolBox/version][StatusCode: 502][Content-Type: text/html][Server: MServer 1.2.2][User-Agent: Magican (unknown version) CFNetwork/720.5.7 Darwin/14.5.0 (x86_64)][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 502][PLAIN TEXT (GET /comMagicanApi/index.php/To)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masflag_runxx][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 55 TCP 
192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/493 bytes][Goodput ratio: 72/89][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/masflag.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: masflag_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E][User-Agent: QY-Player-Windows/2.0.102][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/253 bytes <-> 1 pkts/430 bytes][Goodput ratio: 78/87][0.04 sec][Hostname/SNI: pdata.video.qiyi.com][URL: pdata.video.qiyi.com/k][StatusCode: 200][Content-Type: text/html][Server: nginx/1.9.4][User-Agent: QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.9.4][PLAIN TEXT (GET /k HTTP/1.1)][Plen Bins: 
0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Goodput ratio: 86/80][0.14 sec][Hostname/SNI: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][Content-Type: text/plain][Server: Tengine][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Goodput ratio: 86/80][3.07 sec][Hostname/SNI: nl.rcd.iqiyi.com][URL: nl.rcd.iqiyi.com/apis/urc/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30][StatusCode: 200][Content-Type: text/plain][Server: Tengine][User-Agent: Qiyi List Client PC 5.2.15.2240][PLAIN TEXT (GET /apis/urc/setrc)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Goodput ratio: 87/72][0.11 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147][StatusCode: 200][Content-Type: text/html][Server: 
nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/420 bytes][Goodput ratio: 72/87][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: QYAgent_runxx][PLAIN TEXT (GET /ext/common/qisu2/Q)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/198 bytes <-> 1 pkts/420 bytes][Goodput ratio: 72/87][0.00 sec][Hostname/SNI: static.qiyi.com][URL: static.qiyi.com/ext/common/qisu2/QYAgent.ini][StatusCode: 200][Content-Type: application/octet-stream][Server: QWS][User-Agent: QYAgent_runxx][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /ext/common/qisu2/Q)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Goodput ratio: 87/73][0.09 sec][Hostname/SNI: msg.71.am][URL: msg.71.am/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000][StatusCode: 200][Content-Type: text/html][Server: nginx/1.4.7][User-Agent: 
QY-Player-Windows/2.0.102][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.4.7][PLAIN TEXT (GET /core)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.54/HTTP.PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Goodput ratio: 86/72][0.09 sec][Hostname/SNI: msg.iqiyi.com][URL: msg.iqiyi.com/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240][StatusCode: 200][Content-Type: text/html][Server: nginx/1.8.0][User-Agent: Qiyi List Client PC 5.2.15.2240][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /b)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/264 bytes <-> 1 pkts/199 bytes][Goodput ratio: 79/73][0.07 sec][Hostname/SNI: msg.video.qiyi.com][URL: msg.video.qiyi.com/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo][StatusCode: 200][Content-Type: image/gif][Server: nginx/1.8.0][User-Agent: QIYiAngent][Risk: ** HTTP Obsolete Server **][Risk Score: 50][Risk Info: Obsolete nginx server 1.8.0][PLAIN TEXT (GET /tmpstats.gif)][Plen Bins: 0,0,0,0,50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/quickplay.pcap.out b/tests/cfgs/default/result/quickplay.pcap.out index 51e6b1397..d4a3bfce8 100644 --- a/tests/cfgs/default/result/quickplay.pcap.out +++ b/tests/cfgs/default/result/quickplay.pcap.out 
@@ -42,10 +42,10 @@ Fun 18 6521 8 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Goodput ratio: 90/95][0.64 sec][Hostname/SNI: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /vstb/playlist)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0] 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][IP: 265/AmazonAWS][ClearText][Confidence: DPI][DPI packets: 2][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/json][Server: Tengine/2.0.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Goodput ratio: 91/61][2.08 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger 
Client][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/461 bytes <-> 2 pkts/522 bytes][Goodput ratio: 88/78][2.81 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][URL: http://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/616 bytes <-> 1 pkts/261 bytes][Goodput ratio: 91/78][0.37 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: 
http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/androidgcmreg][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/380 bytes <-> 1 pkts/261 bytes][Goodput ratio: 85/78][0.34 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmbatchemojidownload][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/461 bytes <-> 2 pkts/522 bytes][Goodput ratio: 88/78][2.81 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 
0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][URL: http://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/616 bytes <-> 1 pkts/261 bytes][Goodput ratio: 91/78][0.37 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/androidgcmreg][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 131.48/HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][1 pkts/380 bytes <-> 1 pkts/261 bytes][Goodput ratio: 85/78][0.34 sec][Hostname/SNI: 
hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmbatchemojidownload][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary file/data transfer (attempt) **][Risk Score: 100][Risk Info: Expected on port 8080,3128 / Found binary mime octet-stream][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Goodput ratio: 76/83][0.34 sec][Hostname/SNI: www.facebook.com][URL: 
www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index c8125fec7..bb95cd372 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out 
@@ -41,7 +41,7 @@ Safe 46 3071 14 Acceptable 506 304727 31 Fun 245 52374 7 - 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Susp DGA Domain name **][Risk Score: 100][Risk Info: llnw.blizzard.com][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] + 1 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][90 pkts/5059 bytes <-> 89 pkts/129145 bytes][Goodput ratio: 4/96][3.22 sec][Hostname/SNI: llnw.blizzard.com][bytes ratio: -0.925 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/3 2914/58 341/11][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 56/1451 241/1514 20/291][URL: llnw.blizzard.com/sc2-pod-retail/AF11CD00/EU/24621.direct/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil][StatusCode: 200][Content-Type: application/octet-stream][Server: Apache][User-Agent: Blizzard Web Client][Risk: ** Susp DGA Domain name **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: llnw.blizzard.com / Found binary mime octet-stream][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,97,0,0] 2 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][126 pkts/9157 bytes <-> 89 
pkts/41021 bytes][Goodput ratio: 26/88][3.83 sec][bytes ratio: -0.635 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/37 1016/1086 104/133][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 73/461 249/1514 28/593][PLAIN TEXT (matteobracci1@gmail.com)][Plen Bins: 76,2,2,2,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,13,0,0] 3 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/971 bytes <-> 26 pkts/36462 bytes][Goodput ratio: 15/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.948 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/3 33/34 13/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 65/1402 203/1514 37/387][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/gc/GCF1DHMH8FDY1434670037434.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,0,0] 4 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][11 pkts/755 bytes <-> 18 pkts/24350 bytes][Goodput ratio: 20/96][0.10 sec][Hostname/SNI: bnetcmsus-a.akamaihd.net][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/4 37/64 16/16][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 69/1353 203/1514 43/456][URL: bnetcmsus-a.akamaihd.net/cms/bnet_thumbnail/4j/4J7OUIISCLTQ1436943629210.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: Apache][User-Agent: Battle.net Web Client][PLAIN TEXT (GET /cms/bnet)][Plen Bins: 0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,94,0,0] diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 85ab4fe74..63ade9ccc 100644 
--- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out 
@@ -56,8 +56,8 @@ JA3 Host Stats: 8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][JA4: t00d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long 
**][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][JA4: t00d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][DPI packets: 7][cat: Cloud/13][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][TLSv1.2][JA3C: 656b9a2f4de6ed4909e157482860ab3d][JA4: t00d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 
81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] - 11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **][Risk Score: 100][Risk Info: Found TLS_version: UNKNOWN][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] - 12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **][Risk Score: 100][Risk Info: Found TLS_version: UNKNOWN][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0] + 11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 
0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
+ 12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary file/data transfer (attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
 13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 5][cat: Network/14][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][::][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][::][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out
index 845588214..6ed8d2563 100644
--- a/tests/cfgs/default/result/waze.pcap.out
+++ b/tests/cfgs/default/result/waze.pcap.out
@@ -43,7 +43,7 @@ JA3 Host Stats:
 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][Goodput ratio: 74/96][19.68 sec][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 288/329 3806/5018 686/820][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 209/1361 590/17258 183/3378][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: TLSv1 / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 714ac86d50db68420429ca897688f5f3 (WEAK)][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,5,0,0,21,1,5,3,3,1,10,1,0,0,0,0,14,0,0,0,0,0,1,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23]
- 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71]
+ 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Goodput ratio: 20/98][5.27 sec][Hostname/SNI: xtra1.gpsonextra.net][bytes ratio: -0.959 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 321/373 3680/3677 903/960][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 69/3439 317/11833 59/3468][URL: xtra1.gpsonextra.net/xtra2.bin][StatusCode: 200][Content-Type: application/octet-stream][Server: Cherokee][User-Agent: Android][Risk: ** Binary file/data transfer (attempt) **][Risk Score: 50][Risk Info: Found binary mime octet-stream][PLAIN TEXT (GET /xtra)][Plen Bins: 0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,71]
 3 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/1962 bytes <-> 16 pkts/56934 bytes][Goodput ratio: 52/98][2.64 sec][bytes ratio: -0.933 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 155/189 387/415 137/131][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/3558 590/21942 132/6125][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,0,0,0,15,7,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,39]
 4 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 8][cat: Web/5][17 pkts/2176 bytes <-> 15 pkts/42443 bytes][Goodput ratio: 57/98][3.70 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 218/126 1449/293 383/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2830 590/11186 147/3901][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,7,7,0,7,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,35]
 5 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/TLS.Waze][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][15 pkts/1540 bytes <-> 13 pkts/26346 bytes][Goodput ratio: 46/97][3.22 sec][bytes ratio: -0.890 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 237/155 1289/609 359/182][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 103/2027 411/8150 98/2612][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLSv1][TLSv1][JA3C: f392f120f1087cd2f8814539cf58cfa4][JA4: t10d320300_771403ec58f7_a875e5012fde][ServerNames: *.world.waze.com][JA3S: 39f74f5618836d3c5f7dcccc9f67ba75][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com][Certificate SHA-1: 30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B][Validity: 2014-11-06 16:09:20 - 2015-11-06 16:09:20][Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,8,0,0,8,8,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33]
diff --git a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out
index 068c12bb4..d802aefbf 100644
--- a/tests/cfgs/default/result/windowsupdate_over_http.pcap.out
+++ b/tests/cfgs/default/result/windowsupdate_over_http.pcap.out
@@ -25,4 +25,4 @@ WindowsUpdate 20 15975 1
 Safe 20 15975 1
- 1 TCP 10.0.2.15:49815 <-> 151.99.72.125:80 [proto: 7.147/HTTP.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/923 bytes <-> 12 pkts/15052 bytes][Goodput ratio: 52/96][0.02 sec][Hostname/SNI: 151.99.72.125][bytes ratio: -0.884 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 9/8 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/1254 533/1514 158/536][URL: 151.99.72.125/data/0783dedfb62fa709/msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVp][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: Microsoft-Delivery-Optimization/10.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 151.99.72.125][PLAIN TEXT (GET /data/0783dedfb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,72,0,0]
+ 1 TCP 10.0.2.15:49815 <-> 151.99.72.125:80 [proto: 7.147/HTTP.WindowsUpdate][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Download/7][8 pkts/923 bytes <-> 12 pkts/15052 bytes][Goodput ratio: 52/96][0.02 sec][Hostname/SNI: 151.99.72.125][bytes ratio: -0.884 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 9/8 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 115/1254 533/1514 158/536][URL: 151.99.72.125/data/0783dedfb62fa709/msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVp][StatusCode: 206][Content-Type: application/octet-stream][Server: nginx][User-Agent: Microsoft-Delivery-Optimization/10.0][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **** Binary file/data transfer (attempt) **][Risk Score: 60][Risk Info: Found host 151.99.72.125 / Found binary mime octet-stream][PLAIN TEXT (GET /data/0783dedfb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,72,0,0] |