Reworked human readeable string search in flows

Removed fragment manager code

12 files changed, 28 insertions, 28 deletions

diff --git a/tests/result/alexa-app.pcapng.out b/tests/result/alexa-app.pcapng.out
index de8dbc9e7..b6d057c41 100644
--- a/tests/result/alexa-app.pcapng.out
+++ b/tests/result/alexa-app.pcapng.out
@@ -25,17 +25,17 @@ JA3 Host Stats:
 	7	TCP 172.16.42.216:51992 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][27 pkts/3443 bytes <-> 24 pkts/29237 bytes][Goodput ratio: 48/95][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.789 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/6 368/110 98/25][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/1218 613/1514 172/546][URL: ecx.images-amazon.com/images/I/71nqwmwmRlL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/71nqwmwmRlL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,74,0,0]
 	8	TCP 172.16.42.216:41691 <-> 54.239.29.146:443 [proto: 91.178/TLS.Amazon][cat: Web/5][28 pkts/5292 bytes <-> 28 pkts/24601 bytes][Goodput ratio: 71/94][100.86 sec][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 37/78 293/443 72/134][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/879 1514/1514 381/687][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api.amazon.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: api.amazon.com,wsync.us-east-1.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com][Certificate SHA-1: 1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D][Firefox][Validity: 2016-09-05 00:00:00 - 2017-09-23 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,0,3,0,15,3,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,68,0,0]
 	9	TCP 172.16.42.216:38483 <-> 52.85.209.143:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/3796 bytes <-> 30 pkts/25146 bytes][Goodput ratio: 44/92][0.66 sec][bytes ratio: -0.738 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/19 227/241 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 119/838 732/1514 163/608][Risk: ** TLS (probably) not carrying HTTPS **** SNI TLS extension was missing **][TLSv1.2][JA3C: 36e9ceaa96dd810482573844f78a063f][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Firefox][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,3,6,0,0,6,0,0,0,0,3,3,0,0,3,0,3,0,0,6,3,0,3,0,0,3,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
-	10	TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][ALPN: h2;http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (Km/eGEanalytics.us)][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0]
-	11	TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (xlzyWEui.amazon.com)][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+	10	TCP 172.16.42.216:34034 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][24 pkts/22786 bytes <-> 19 pkts/2185 bytes][Goodput ratio: 94/49][1.87 sec][ALPN: h2;http/1.1][bytes ratio: 0.825 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 511/512 132/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 949/115 1514/564 678/140][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 4,4,0,0,4,0,0,0,4,0,0,0,4,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,65,0,0]
+	11	TCP 172.16.42.216:45703 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][32 pkts/18086 bytes <-> 24 pkts/6391 bytes][Goodput ratio: 90/78][13.18 sec][ALPN: h2;http/1.1][bytes ratio: 0.478 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 478/297 3544/1485 870/399][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 565/266 1514/731 644/259][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,6,3,0,6,9,6,3,3,0,0,0,0,0,0,12,6,3,0,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
 	12	TCP 172.16.42.216:45710 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][26 pkts/13063 bytes <-> 23 pkts/8561 bytes][Goodput ratio: 89/85][10.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.208 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/535 3346/6303 892/1474][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 502/372 1514/1514 619/511][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 3,7,3,3,7,3,3,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,41,0,0]
-	13	TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BhfsciOzon.com)][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0]
+	13	TCP 172.16.42.216:54434 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/9106 bytes <-> 15 pkts/10708 bytes][Goodput ratio: 86/91][3.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/241 96/1116 31/336][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 506/714 1514/1514 633/678][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,6,57,0,0]
 	14	TCP 172.16.42.216:41914 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][20 pkts/6834 bytes <-> 15 pkts/11310 bytes][Goodput ratio: 80/91][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.247 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/50 222/242 77/88][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 342/754 1351/1514 506/588][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Safari][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,5,0,0,5,0,10,0,0,0,0,0,10,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,15,0,0,0,0,27,0,0]
 	15	TCP 172.16.42.216:51997 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][16 pkts/1611 bytes <-> 14 pkts/16206 bytes][Goodput ratio: 34/94][1.14 sec][Host: ecx.images-amazon.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 68/24 628/205 165/61][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1158 613/1514 132/593][URL: ecx.images-amazon.com/images/I/61Tfp7ZVcoL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61Tfp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
 	16	TCP 172.16.42.216:51989 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][17 pkts/2771 bytes <-> 14 pkts/14992 bytes][Goodput ratio: 59/94][1.36 sec][Host: ecx.images-amazon.com][bytes ratio: -0.688 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/69 377/743 125/213][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/1071 613/1514 208/642][URL: ecx.images-amazon.com/images/I/71pwMKDRQIL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (zTGET /images/I/71pwMKDRQIL.)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,69,0,0]
 	17	TCP 172.16.42.216:44912 <-> 54.239.23.94:443 [proto: 91.178/TLS.Amazon][cat: Web/5][19 pkts/11483 bytes <-> 14 pkts/5858 bytes][Goodput ratio: 91/86][10.46 sec][ALPN: h2;http/1.1][bytes ratio: 0.324 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 552/875 3665/7470 1005/2334][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 604/418 1514/1514 650/593][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Safari][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,41,0,27,0,0]
 	18	TCP 172.16.42.216:51990 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/15104 bytes][Goodput ratio: 35/94][1.25 sec][Host: ecx.images-amazon.com][bytes ratio: -0.813 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 88/21 682/138 190/45][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1162 613/1514 136/600][URL: ecx.images-amazon.com/images/I/612xlaOI2NL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (tyGET /images/I/612)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,72,0,0]
 	19	TCP 172.16.42.216:51988 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1557 bytes <-> 13 pkts/14454 bytes][Goodput ratio: 35/94][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.806 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 77/27 681/154 186/53][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/1112 613/1514 136/592][URL: ecx.images-amazon.com/images/I/61oBTb+jZvL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61oBTb)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,72,0,0]
-	20	TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (@zyJOU)][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0]
+	20	TCP 172.16.42.216:40871 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/7766 bytes <-> 21 pkts/8198 bytes][Goodput ratio: 86/86][3.82 sec][ALPN: h2;http/1.1][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 182/130 1403/1107 358/296][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/390 1514/1514 570/458][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,9,4,0,0,0,9,4,0,0,0,4,0,0,0,0,13,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0]
 	21	TCP 172.16.42.216:41912 <-> 52.84.62.115:443 [proto: 91.240/TLS.AmazonVideo][cat: Video/26][16 pkts/3960 bytes <-> 14 pkts/11986 bytes][Goodput ratio: 73/92][0.96 sec][ALPN: h2;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/14 669/71 174/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 248/856 1340/1514 415/644][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: images-na.ssl-images-amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com][Certificate SHA-1: 39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52][Safari][Validity: 2016-09-23 00:00:00 - 2017-10-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,18,0,0,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,12,0,0,0,0,0,38,0,0]
 	22	TCP 172.16.42.216:51985 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][16 pkts/1623 bytes <-> 14 pkts/14282 bytes][Goodput ratio: 34/93][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.796 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 84/45 682/281 185/91][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/1020 613/1514 132/664][URL: ecx.images-amazon.com/images/I/51woiL9kgkL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/51woiL9)][Plen Bins: 0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0]
 	23	TCP 172.16.42.216:51996 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][15 pkts/1545 bytes <-> 13 pkts/14178 bytes][Goodput ratio: 35/94][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 75/22 764/207 210/62][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/1091 613/1514 136/639][URL: ecx.images-amazon.com/images/I/81Ni5COup-L._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/81Ni5)][Plen Bins: 0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,81,0,0]
@@ -46,13 +46,13 @@ JA3 Host Stats:
 	28	TCP 172.16.42.216:50799 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][20 pkts/9329 bytes <-> 17 pkts/5540 bytes][Goodput ratio: 88/82][10.48 sec][ALPN: h2;http/1.1][bytes ratio: 0.255 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 636/760 7767/8001 1851/2099][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/326 1514/1514 612/473][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,0,5,0,5,5,0,0,11,0,0,0,0,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,43,0,0]
 	29	TCP 172.16.42.216:51993 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][14 pkts/1479 bytes <-> 12 pkts/13075 bytes][Goodput ratio: 37/94][1.13 sec][Host: ecx.images-amazon.com][bytes ratio: -0.797 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 102/23 765/207 218/65][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1090 613/1514 141/624][URL: ecx.images-amazon.com/images/I/61SZU-lPFNL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/61S)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,80,0,0]
 	30	TCP 172.16.42.216:51987 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][14 pkts/1491 bytes <-> 12 pkts/12826 bytes][Goodput ratio: 37/94][1.26 sec][Host: ecx.images-amazon.com][bytes ratio: -0.792 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/22 682/154 199/50][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 106/1069 613/1514 141/605][URL: ecx.images-amazon.com/images/I/71GcCNTb6kL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/71GcCNTb6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,70,0,0]
-	31	TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][ALPN: h2;http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (UGwp@manalytics.us)][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0]
-	32	TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (udgNToPi.amazon.com)][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
+	31	TCP 172.16.42.216:34069 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/12799 bytes <-> 14 pkts/1381 bytes][Goodput ratio: 93/40][4.36 sec][ALPN: h2;http/1.1][bytes ratio: 0.805 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 256/126 2464/986 644/293][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 800/99 1514/449 707/105][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,0,8,0,0,0,8,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,59,0,0]
+	32	TCP 172.16.42.216:45711 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/11642 bytes <-> 11 pkts/2484 bytes][Goodput ratio: 89/74][21.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/64 1023/2459 6019/9247 1749/3564][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 529/226 1514/955 611/323][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,6,0,0,6,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
 	33	TCP 172.16.42.216:42130 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/6237 bytes <-> 14 pkts/6594 bytes][Goodput ratio: 84/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 164/169 783/785 225/244][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 346/471 1514/1514 494/576][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,6,0,6,0,0,20,0,0,6,0,0,0,13,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,34,0,0]
 	34	TCP 172.16.42.216:37551 <-> 54.239.24.180:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/10780 bytes <-> 14 pkts/1770 bytes][Goodput ratio: 91/53][5.05 sec][ALPN: h2;http/1.1][bytes ratio: 0.718 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 330/332 1326/1927 449/591][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 634/126 1514/449 657/137][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,7,0,0,7,21,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
 	35	TCP 172.16.42.216:47605 <-> 72.21.206.121:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6459 bytes <-> 10 pkts/5934 bytes][Goodput ratio: 88/90][1.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.042 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/73 444/289 147/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 461/593 1514/1514 580/631][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,7,0,0,15,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,40,0,0]
 	36	TCP 172.16.42.216:45661 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/5853 bytes <-> 14 pkts/6315 bytes][Goodput ratio: 83/87][2.50 sec][ALPN: h2;http/1.1][bytes ratio: -0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 168/40 1015/176 274/60][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 325/451 1168/1514 442/528][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,0,0,0,7,0,0,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,24,7,0,0,0,0,0,0,0,0,0,0,15,0,0]
-	37	TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (33hJAHui.amazon.com)][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
+	37	TCP 172.16.42.216:45715 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][18 pkts/10366 bytes <-> 11 pkts/1730 bytes][Goodput ratio: 90/63][22.60 sec][ALPN: h2;http/1.1][bytes ratio: 0.714 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1160/2749 10810/15911 2672/5468][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 576/157 1514/555 667/178][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,7,0,0,7,7,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
 	38	TCP 172.16.42.216:42129 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][16 pkts/5899 bytes <-> 13 pkts/6114 bytes][Goodput ratio: 85/88][2.59 sec][ALPN: h2;http/1.1][bytes ratio: -0.018 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 177/19 1347/104 365/37][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 369/470 1514/1514 557/597][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com][Certificate SHA-1: 2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A][Safari][Validity: 2017-01-07 00:00:00 - 2018-01-30 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,0,8,0,0,8,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0]
 	39	TCP 172.16.42.216:45680 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/7129 bytes <-> 14 pkts/4292 bytes][Goodput ratio: 88/81][2.51 sec][ALPN: h2;http/1.1][bytes ratio: 0.248 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/95 1324/374 353/142][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 475/307 1248/891 523/370][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,14,7,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,21,7,7,0,0,0,0,0,0,0,0,0,0]
 	40	TCP 172.16.42.216:50797 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/5989 bytes <-> 11 pkts/4920 bytes][Goodput ratio: 87/87][10.17 sec][ALPN: h2;http/1.1][bytes ratio: 0.098 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 92/114 346/441 105/161][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 428/447 1514/1514 576/536][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,7,0,7,0,0,15,0,0,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
@@ -60,17 +60,17 @@ JA3 Host Stats:
 	42	TCP 172.16.42.216:38757 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/6382 bytes <-> 8 pkts/3973 bytes][Goodput ratio: 89/89][2.80 sec][bytes ratio: 0.233 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 254/411 1240/2328 378/858][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 491/497 1344/1514 576/598][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][TLSv1][JA3C: f8f5b71e02603b283e55b50d17ede861][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,9,0,0,0,9,9,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,0,0,18,0,0]
 	43	TCP 172.16.42.216:40864 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/2838 bytes <-> 16 pkts/7478 bytes][Goodput ratio: 71/88][4.06 sec][ALPN: h2;http/1.1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 66/267 259/1771 98/509][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 189/467 1514/1514 363/499][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,6,0,0,0,6,13,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,20,0,0]
 	44	TCP 172.16.42.216:45693 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/4412 bytes <-> 13 pkts/5784 bytes][Goodput ratio: 81/87][4.69 sec][ALPN: h2;http/1.1][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 390/24 4145/80 1133/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 294/445 1514/1514 485/599][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 7,15,7,0,7,0,7,7,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
-	45	TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (KwnVVYUzon.com)][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0]
+	45	TCP 172.16.42.216:54427 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/8467 bytes <-> 8 pkts/1403 bytes][Goodput ratio: 90/62][1.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.716 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/12 109/125 514/453 157/165][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 651/175 1514/777 663/233][TLSv1.2][Client: www.amazon.com][JA3C: 5ee142340adf02ded757447e2ff78986][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,22,0,0]
 	46	TCP 172.16.42.216:51994 <-> 52.84.63.56:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][11 pkts/1293 bytes <-> 10 pkts/8334 bytes][Goodput ratio: 42/92][1.10 sec][Host: ecx.images-amazon.com][bytes ratio: -0.731 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 106/24 808/113 266/39][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 118/833 613/1514 157/652][URL: ecx.images-amazon.com/images/I/315y9IEXZSL._SL210_QL95_.png][StatusCode: 200][Content-Type: image/jpeg][User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; LGLS751 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/56.0.292][PLAIN TEXT (GET /images/I/315)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
 	47	TCP 172.16.42.216:44001 <-> 176.32.101.52:443 [proto: 91.178/TLS.Amazon][cat: Web/5][22 pkts/4394 bytes <-> 19 pkts/5213 bytes][Goodput ratio: 72/79][101.63 sec][bytes ratio: -0.085 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5968/5788 80048/79926 19049/20563][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 200/274 1514/1514 303/442][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: dp-gw-na-js.amazon.com][JA3C: 731bcada65b0a6f850bada3bdcd716d1][ServerNames: dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in][JA3S: fbe78c619e7ea20046131294ad087f05][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com][Certificate SHA-1: 27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C][Safari][Validity: 2016-09-24 00:00:00 - 2017-09-13 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 9,14,4,4,4,0,29,9,0,4,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0]
-	48	TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][ALPN: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (hE10XNoi.amazon.com)][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
+	48	TCP 172.16.42.216:45714 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][17 pkts/7542 bytes <-> 10 pkts/1990 bytes][Goodput ratio: 88/71][18.45 sec][ALPN: h2;http/1.1][bytes ratio: 0.582 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1317/1449 6762/8309 2110/3069][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 444/199 1514/699 598/247][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,15,7,0,15,7,0,7,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
 	49	TCP 172.16.42.216:38404 <-> 34.199.52.240:443 [proto: 91.178/TLS.Amazon][cat: Web/5][15 pkts/3140 bytes <-> 12 pkts/6286 bytes][Goodput ratio: 69/87][1.00 sec][ALPN: h2;http/1.1][bytes ratio: -0.334 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/55 364/256 109/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 209/524 950/1514 299/598][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: cognito-identity.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com][Certificate SHA-1: 56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34][Safari][Validity: 2016-05-25 00:00:00 - 2017-06-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 8,16,0,8,0,0,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
-	50	TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][ALPN: h2;http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (ROz@SCanalytics.us)][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0]
+	50	TCP 172.16.42.216:34074 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/7594 bytes <-> 9 pkts/1081 bytes][Goodput ratio: 90/51][6.86 sec][ALPN: h2;http/1.1][bytes ratio: 0.751 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 679/185 5262/894 1550/320][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 584/120 1514/449 627/125][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,11,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,22,0,11,0,0]
 	51	TCP 172.16.42.216:34019 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/2122 bytes <-> 11 pkts/6182 bytes][Goodput ratio: 63/90][0.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.489 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/71 277/343 78/116][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 152/562 820/1514 202/618][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: mobileanalytics.us-east-1.amazonaws.com][JA3S: 159d46e54a2c066ef95e656fdf034e1d][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com][Certificate SHA-1: 87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D][Safari][Validity: 2016-05-31 00:00:00 - 2017-06-26 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,10,0,0,0,10,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
 	52	TCP 172.16.42.216:34033 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/6517 bytes <-> 11 pkts/1705 bytes][Goodput ratio: 88/62][1.91 sec][ALPN: h2;http/1.1][bytes ratio: 0.585 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/57 1221/225 342/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 466/155 1514/564 535/173][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,0,0,10,0,0,0,10,0,0,0,10,0,0,10,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0]
 	53	TCP 172.16.42.216:40853 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/2895 bytes <-> 11 pkts/5277 bytes][Goodput ratio: 77/88][2.68 sec][ALPN: h2;http/1.1][bytes ratio: -0.291 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 54/37 137/137 61/49][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 241/480 1514/1514 399/596][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: skills-store.amazon.com][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com][Certificate SHA-1: 2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2][Safari][Validity: 2016-05-14 00:00:00 - 2017-05-15 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,18,0,9,0,0,9,9,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,27,0,0]
 	54	TCP 172.16.42.216:45696 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/7016 bytes <-> 9 pkts/1115 bytes][Goodput ratio: 89/53][4.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.726 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/196 591/1077 175/395][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 501/124 1514/507 644/138][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,10,0,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
-	55	TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (MBID oWF.amazon.com)][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0]
+	55	TCP 172.16.42.216:45673 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4512 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 83/79][2.23 sec][ALPN: h2;http/1.1][bytes ratio: 0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 187/31 1612/164 452/54][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 322/278 1232/891 463/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,10,0,0,0,0,0,0,0,0,0,0,0]
 	56	TCP 172.16.42.216:49067 <-> 216.58.194.78:443 [proto: 91.228/TLS.PlayStore][cat: SoftwareUpdate/19][10 pkts/2508 bytes <-> 9 pkts/5344 bytes][Goodput ratio: 73/89][0.36 sec][bytes ratio: -0.361 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/34 137/93 40/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 251/594 1434/1484 402/587][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: android.clients.google.com][JA3C: 5bf38a5cbf896cd31eeef4d6ad1503e1][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com][JA3S: 9b1466fd60cadccb848e09c86e284265][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com][Certificate SHA-1: 54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42][Safari][Validity: 2017-03-22 17:02:50 - 2017-06-14 16:17:00][Cipher: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256][Plen Bins: 0,10,10,0,0,10,10,0,0,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,10,0,20,0,0,0]
 	57	TCP 172.16.42.216:45674 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4436 bytes <-> 12 pkts/3341 bytes][Goodput ratio: 85/79][2.20 sec][ALPN: h2;http/1.1][bytes ratio: 0.141 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/36 1612/118 492/51][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 370/278 1248/891 490/354][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,20,0,10,0,0,0,0,0,0,0,0,0,0]
 	58	TCP 172.16.42.216:50796 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/2719 bytes <-> 8 pkts/4869 bytes][Goodput ratio: 79/91][0.73 sec][ALPN: h2;http/1.1][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 91/73 260/241 97/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/609 1514/1514 428/624][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,11,0,0,0,11,11,0,0,0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,33,0,0]
@@ -81,17 +81,17 @@ JA3 Host Stats:
 	63	TCP 172.16.42.216:42148 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5805 bytes <-> 8 pkts/1017 bytes][Goodput ratio: 88/54][0.57 sec][ALPN: h2;http/1.1][bytes ratio: 0.702 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 50/13 245/65 75/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 447/127 1514/445 591/130][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,0,0,22,0,0,11,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
 	64	TCP 172.16.42.216:54412 <-> 52.85.209.216:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/996 bytes <-> 7 pkts/5823 bytes][Goodput ratio: 33/92][0.38 sec][ALPN: h2;http/1.1][bytes ratio: -0.708 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/18 101/86 45/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 100/832 268/1514 67/636][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: www.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com][Certificate SHA-1: EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E][Safari][Validity: 2016-10-31 00:00:00 - 2017-12-31 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,0,0,14,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
 	65	TCP 172.16.42.216:41820 <-> 54.231.72.88:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/1817 bytes <-> 13 pkts/4948 bytes][Goodput ratio: 57/85][3.94 sec][ALPN: h2;http/1.1][bytes ratio: -0.463 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 314/42 2864/196 810/79][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 130/381 754/1486 184/469][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: s3-external-2.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com][JA3S: ea615e28cb25adfb2f261151eab3314f][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com][Certificate SHA-1: C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF][Safari][Validity: 2016-07-18 00:00:00 - 2017-10-26 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,8,8,8,0,0,8,0,0,0,8,0,0,8,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,8,0,0,0]
-	66	TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (Kf.e08ui.amazon.com)][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+	66	TCP 172.16.42.216:45732 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/5614 bytes <-> 8 pkts/1103 bytes][Goodput ratio: 87/58][6.02 sec][ALPN: h2;http/1.1][bytes ratio: 0.672 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 591/663 2868/3089 977/1214][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 432/138 1514/555 598/160][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,0,0,11,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
 	67	TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][ALPN: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	68	TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][ALPN: h2;http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0]
 	69	TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.178/TLS.Amazon][cat: Web/5][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][ALPN: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Safari][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	70	TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91.178/TLS.Amazon][cat: Web/5][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mads.amazon-adsystem.com][JA3C: bdf21e38e1f69776df407235625e75e2][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
-	71	TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][ALPN: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (/chPAoui.amazon.com)][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
+	71	TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][ALPN: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
 	72	TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][ALPN: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	73	TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][ALPN: h2;http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: fls-na.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
-	74	TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (BWypJJanalytics.us)][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0]
+	74	TCP 172.16.42.216:34041 <-> 54.239.24.186:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/4772 bytes <-> 8 pkts/1021 bytes][Goodput ratio: 87/54][0.71 sec][ALPN: h2;http/1.1][bytes ratio: 0.648 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 78/15 402/57 120/22][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 434/128 1514/449 567/131][Risk: ** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: mobileanalytics.us-east-1.amazonaws.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,0,0,14,0,0,0,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,14,0,0]
 	75	TCP 172.16.42.216:45730 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1695 bytes][Goodput ratio: 83/73][2.11 sec][ALPN: h2;http/1.1][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 211/94 922/264 266/97][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/212 1514/1147 531/355][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,25,0,0]
-	76	TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][ALPN: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][PLAIN TEXT (AsNZYcTz.amazon.com)][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0]
+	76	TCP 172.16.42.216:45676 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/3258 bytes <-> 10 pkts/2390 bytes][Goodput ratio: 79/76][1.93 sec][ALPN: h2;http/1.1][bytes ratio: 0.154 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 199/75 1078/275 321/99][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 272/239 1200/891 420/327][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0]
 	77	TCP 172.16.42.216:45704 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][14 pkts/4417 bytes <-> 9 pkts/1227 bytes][Goodput ratio: 82/57][2.65 sec][ALPN: h2;http/1.1][bytes ratio: 0.565 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 100/113 506/431 150/168][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 316/136 1514/619 495/173][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,30,10,0,0,20,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
 	78	TCP 172.16.42.216:45728 <-> 52.94.232.134:443 [proto: 91.178/TLS.Amazon][cat: Web/5][12 pkts/4052 bytes <-> 8 pkts/1119 bytes][Goodput ratio: 83/58][2.13 sec][ALPN: h2;http/1.1][bytes ratio: 0.567 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 213/90 941/264 271/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 338/140 1514/571 531/165][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: pitangui.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,12,0,12,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
 	79	TCP 172.16.42.216:40878 <-> 54.239.29.253:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2948 bytes <-> 10 pkts/1947 bytes][Goodput ratio: 75/70][6.35 sec][ALPN: h2;http/1.1][bytes ratio: 0.204 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 406/60 3799/294 1132/105][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 227/195 1514/1147 385/320][Risk: ** Weak TLS cipher **** Possibly Malicious JA3 Fingerprint **][TLSv1.2][Client: skills-store.amazon.com][JA3C: d551fafc4f40f1dec2bb45980bfa9492][JA3S: 18e962e106761869a61045bed0e81c2c (WEAK)][Safari][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,22,11,0,22,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0]
diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out
index 75ce5867c..02e697508 100644
--- a/tests/result/facebook.pcap.out
+++ b/tests/result/facebook.pcap.out
@@ -5,5 +5,5 @@ JA3 Host Stats:
 	1	 192.168.43.18            	 2      
 
 
-	1	TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][Goodput ratio: 53/93][0.68 sec][ALPN: h2;spdy/3.1;http/1.1][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/31 154/154 52/52][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140/1005 583/1454 137/604][TLSv1.2][Client: www.facebook.com][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (hTge.tcebook.com)][Plen Bins: 0,14,10,3,7,0,0,0,0,0,0,3,3,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
+	1	TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][19 pkts/2664 bytes <-> 22 pkts/22102 bytes][Goodput ratio: 53/93][0.68 sec][ALPN: h2;spdy/3.1;http/1.1][bytes ratio: -0.785 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/31 154/154 52/52][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 140/1005 583/1454 137/604][TLSv1.2][Client: www.facebook.com][JA3C: 5c60e71f1b8cd40e4d40ed5b6d666e3f][JA3S: 96681175a9547081bf3d417f1a572091][Firefox][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,10,3,7,0,0,0,0,0,0,3,3,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
 	2	TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][9 pkts/1345 bytes <-> 10 pkts/4400 bytes][Goodput ratio: 55/85][1.30 sec][ALPN: h2;spdy/3.1;http/1.1][bytes ratio: -0.532 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 148/73 414/313 172/127][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 149/440 449/1454 125/522][TLSv1.2][Client: facebook.com][JA3C: bfcc1a3891601edb4f137ab7ab25b840][ServerNames: *.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com][JA3S: 2d1eb5817ece335c24904f516ad5da12][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9][Firefox][Validity: 2014-08-28 00:00:00 - 2016-12-30 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,18,9,9,0,9,9,0,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0]
diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out
index acafde32a..69dace5cb 100644
--- a/tests/result/netflix.pcap.out
+++ b/tests/result/netflix.pcap.out
@@ -51,7 +51,7 @@ JA3 Host Stats:
 	40	TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/5165 bytes <-> 10 pkts/5074 bytes][Goodput ratio: 84/87][0.34 sec][bytes ratio: 0.009 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 31/31 85/65 31/27][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/507 1514/1514 533/591][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,8,0,0,0,0,0,25,0,0]
 	41	TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][21 pkts/3051 bytes <-> 16 pkts/6234 bytes][Goodput ratio: 55/83][31.02 sec][ALPN: spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.343 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1820/45 30348/363 7132/103][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 145/390 422/1514 132/520][TLSv1.2][Client: ichnaea.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com][Certificate SHA-1: 50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 11,27,5,0,0,5,5,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]
 	42	TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3109 bytes <-> 11 pkts/5119 bytes][Goodput ratio: 70/86][0.32 sec][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 24/22 72/63 26/25][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 222/465 1514/1514 382/579][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: ios.nccp.netflix.com][JA3C: dc67ac8aaf8d7f69ecd6598135448f24][ServerNames: *.nccp.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos][Subject: CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos][Certificate SHA-1: 97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33][Firefox][Validity: 2001-01-17 20:32:09 - 2018-03-24 20:32:09][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 16,25,0,8,0,0,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
-	43	TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (STLCJ@.netflix.com)][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0]
+	43	TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][14 pkts/3548 bytes <-> 11 pkts/4653 bytes][Goodput ratio: 74/84][30.77 sec][bytes ratio: -0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/22 143/79 43/29][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 253/423 1514/1514 422/512][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,9,0,0,9,0,9,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,18,0,0]
 	44	TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][16 pkts/1657 bytes <-> 12 pkts/5005 bytes][Goodput ratio: 36/84][30.93 sec][ALPN: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.503 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2373/20 30602/58 8149/26][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 104/417 309/1514 78/548][TLSv1.2][Client: api-global.netflix.com][JA3C: c07cb55f88702033a8f52c046d23e0b2][ServerNames: api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com][Certificate SHA-1: FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C][Firefox][Validity: 2016-04-12 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 15,23,15,0,0,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
 	45	TCP 192.168.1.7:53250 <-> 52.41.30.5:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][10 pkts/2830 bytes <-> 7 pkts/2484 bytes][Goodput ratio: 76/81][0.21 sec][bytes ratio: 0.065 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/20 92/54 34/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 283/355 1450/1066 419/413][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,12,0,0,12,0,12,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]
 	46	TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/TLS.NetFlix][cat: Video/26][12 pkts/1294 bytes <-> 8 pkts/1723 bytes][Goodput ratio: 39/69][30.71 sec][bytes ratio: -0.142 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3064/6120 30486/30536 9141/12208][Pkt Len c2s/s2c min/avg/max/stddev: 60/66 108/215 309/989 83/296][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: api-global.netflix.com][JA3C: 7e72698146290dd68239f788a452e7d8][JA3S: 303951d4c50efb2e991652225a6f02b1][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,12,12,0,12,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out
index 7dcd0f7d2..1449ab9fb 100644
--- a/tests/result/nintendo.pcap.out
+++ b/tests/result/nintendo.pcap.out
@@ -7,7 +7,7 @@ JA3 Host Stats:
 	1	 192.168.12.114           	 1      
 
 
-	1	UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes][Goodput ratio: 88/91][5.90 sec][bytes ratio: -0.346 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/17 311/242 44/19][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 363/454 886/886 191/118][PLAIN TEXT (pluHnq)][Plen Bins: 0,2,24,2,0,0,0,0,0,0,0,0,0,63,6,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][cat: Game/8][169 pkts/61414 bytes <-> 278 pkts/126260 bytes][Goodput ratio: 88/91][5.90 sec][bytes ratio: -0.346 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/17 311/242 44/19][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 363/454 886/886 191/118][Plen Bins: 0,2,24,2,0,0,0,0,0,0,0,0,0,63,6,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes][Goodput ratio: 89/71][5.68 sec][bytes ratio: 0.812 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 45/77 607/506 66/117][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 396/144 1254/886 210/128][Plen Bins: 0,5,35,3,1,0,0,0,0,0,0,0,0,51,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
 	3	UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes][Goodput ratio: 89/70][5.49 sec][bytes ratio: 0.796 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/76 313/318 40/84][Pkt Len c2s/s2c min/avg/max/stddev: 102/102 381/139 886/886 193/124][PLAIN TEXT (FutwCa)][Plen Bins: 0,7,38,1,1,0,0,0,0,0,0,0,0,47,2,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	4	TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/TLS.Amazon][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes][Goodput ratio: 50/67][21.54 sec][bytes ratio: 0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 728/1409 14019/13944 2636/3582][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/201 400/983 86/219][Plen Bins: 0,58,5,15,0,2,0,8,0,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/skype-conference-call.pcap.out b/tests/result/skype-conference-call.pcap.out
index e21709279..2ba66b9eb 100644
--- a/tests/result/skype-conference-call.pcap.out
+++ b/tests/result/skype-conference-call.pcap.out
@@ -1,3 +1,3 @@
 SkypeCall	200	39687	1
 
-	1	UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Risk: ** Known protocol on non standard port **][PLAIN TEXT (vRKSoR)][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.2.20:49282 <-> 104.46.40.49:60642 [proto: 78.38/STUN.SkypeCall][cat: VoIP/10][133 pkts/24845 bytes <-> 67 pkts/14842 bytes][Goodput ratio: 78/81][1.50 sec][bytes ratio: 0.252 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/8 147/120 22/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/77 187/222 957/957 244/233][Risk: ** Known protocol on non standard port **][Plen Bins: 0,41,17,28,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out
index ca32e957e..6e821ee73 100644
--- a/tests/result/teams.pcap.out
+++ b/tests/result/teams.pcap.out
@@ -29,7 +29,7 @@ JA3 Host Stats:
 	9	TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][cat: Collaborative/15][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][ALPN: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][TLSv1.2][Client: substrate.office.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Safari][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
 	10	TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
 	11	TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][ALPN: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][TLSv1.2][Client: teams.microsoft.com][JA3C: ebf5e0e525258d7a8dcb54aa1564ecbd][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Safari][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
-	12	TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Safari][PLAIN TEXT (Washington1w.teams.microsoft.co)][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
+	12	TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][cat: Collaborative/15][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][ALPN: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][TLSv1.2][Client: eu-prod.asyncgw.teams.microsoft.com][JA3C: 74d5fa154a7fc0a7c655d8eaa34b89bf][Safari][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
 	13	TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: a1674500365bdd882188db63730e69a2][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
 	14	TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.212/TLS.Microsoft][cat: Cloud/13][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: mobile.pipe.aria.microsoft.com][JA3C: e4d448cdfe06dc1243c1eb026c74ac9a][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
 	15	UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78.125/STUN.Skype][cat: VoIP/10][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out
index e3c20cf6e..90c00f250 100644
--- a/tests/result/telegram.pcap.out
+++ b/tests/result/telegram.pcap.out
@@ -14,10 +14,10 @@ Telegram	908	185304	12
 Microsoft	2	284	1
 GoogleServices	2	186	1
 
-	1	UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][PLAIN TEXT (ByFasn)][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][cat: Chat/9][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][PLAIN TEXT (vVgwxH)][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.1.77:28150 <-> 91.108.8.1:533 [proto: 185/Telegram][cat: Chat/9][12 pkts/1272 bytes <-> 276 pkts/68136 bytes][Goodput ratio: 60/83][16.92 sec][bytes ratio: -0.963 (Download)][IAT c2s/s2c min/avg/max/stddev: 48/0 290/61 504/476 186/43][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 106/247 138/330 24/41][Plen Bins: 0,2,4,3,0,19,37,21,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.1.77:28150 <-> 91.108.8.8:529 [proto: 185/Telegram][cat: Chat/9][285 pkts/65890 bytes <-> 13 pkts/1522 bytes][Goodput ratio: 82/64][16.92 sec][bytes ratio: 0.955 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/27 59/210 504/472 30/201][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 231/117 314/138 44/16][Plen Bins: 0,2,4,3,8,28,14,37,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	3	UDP [fe80::4ba:91a:7817:e318]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][120 pkts/27243 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][58.59 sec][Host: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17386/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 162/0 227/0 489/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	UDP 192.168.1.77:23174 <-> 91.108.8.7:521 [proto: 185/Telegram][cat: Chat/9][57 pkts/12266 bytes <-> 66 pkts/14180 bytes][Goodput ratio: 80/80][4.58 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 78/65 500/308 73/53][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 215/215 282/298 59/49][PLAIN TEXT (wNxr@g)][Plen Bins: 0,4,6,8,0,27,38,14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 192.168.1.77:23174 <-> 91.108.8.7:521 [proto: 185/Telegram][cat: Chat/9][57 pkts/12266 bytes <-> 66 pkts/14180 bytes][Goodput ratio: 80/80][4.58 sec][bytes ratio: -0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 78/65 500/308 73/53][Pkt Len c2s/s2c min/avg/max/stddev: 74/90 215/215 282/298 59/49][Plen Bins: 0,4,6,8,0,27,38,14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	5	UDP 192.168.1.75:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][120 pkts/24843 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][58.59 sec][Host: _dacp._tcp.local][_dacp._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 504/0 17387/0 1760/0][Pkt Len c2s/s2c min/avg/max/stddev: 142/0 207/0 469/0 65/0][PLAIN TEXT (iTunes)][Plen Bins: 0,0,0,50,8,20,0,5,15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	UDP 192.168.0.1:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][12 pkts/3852 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][54.99 sec][Host: tl-sg116e][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4886/0 4987/0 5017/0 36/0][Pkt Len c2s/s2c min/avg/max/stddev: 321/0 321/0 321/0 0/0][DHCP Fingerprint: 1,3][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	7	UDP 192.168.1.77:5353 -> 192.168.1.75:5353 [proto: 8/MDNS][cat: Network/14][9 pkts/2880 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][56.23 sec][Host: _companion-link._tcp.local][_companion-link._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3480/0 7028/0 31577/0 9279/0][Pkt Len c2s/s2c min/avg/max/stddev: 320/0 320/0 320/0 0/0][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out
index 9c2096902..9b177cae7 100644
--- a/tests/result/viber.pcap.out
+++ b/tests/result/viber.pcap.out
@@ -17,7 +17,7 @@ JA3 Host Stats:
 	2	TCP 192.168.0.17:57520 <-> 54.230.93.96:443 [proto: 91.144/TLS.Viber][cat: Chat/9][12 pkts/1848 bytes <-> 12 pkts/9317 bytes][Goodput ratio: 57/91][5.69 sec][ALPN: h2;http/1.1][bytes ratio: -0.669 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 622/10 5492/35 1722/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 154/776 435/1514 138/635][TLSv1.2][Client: media.cdn.viber.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.cdn.viber.com][JA3S: 76cc3e2d3028143b23ec18e27dbd7ca9][Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2][Subject: C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com][Certificate SHA-1: B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39][Firefox][Validity: 2016-07-03 00:00:00 - 2018-07-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,7,0,7,0,7,0,0,15,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
 	3	TCP 192.168.0.17:49048 <-> 54.187.91.182:443 [proto: 91.178/TLS.Amazon][cat: Web/5][13 pkts/2823 bytes <-> 14 pkts/6552 bytes][Goodput ratio: 69/86][1.00 sec][ALPN: http/1.1][bytes ratio: -0.398 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 58/60 176/183 76/72][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 217/468 1514/1514 380/570][TLSv1.2][Client: brahe.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 7,15,0,7,0,15,0,0,7,0,0,0,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0]
 	4	TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][Goodput ratio: 68/38][46.77 sec][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1220/1489 7187/7333 2090/2188][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205/107 657/176 184/43][Plen Bins: 0,3,57,18,0,0,0,0,0,0,3,3,0,3,0,0,9,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (rXsucYement.com)][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][Goodput ratio: 81/77][33.94 sec][ALPN: http/1.1][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2821/2646 23555/23575 6838/7399][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 356/286 1038/884 370/258][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Safari][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,0,0,0,7,0,0,0,0,0,0,40,0,0,0,7,0,0,0,0,0,0,7,0,15,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][Goodput ratio: 49/89][1.01 sec][ALPN: http/1.1][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/51 273/178 102/80][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 131/583 432/1514 112/601][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][ServerNames: *.apptimize.com,apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA][Subject: C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Firefox][Validity: 2016-02-11 00:00:00 - 2019-04-10 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 18,0,0,9,0,9,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
 	7	TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][Goodput ratio: 55/90][0.23 sec][ALPN: http/1.1][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 152/60 47/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153/693 631/1514 169/616][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 0,0,11,0,0,11,0,0,11,0,11,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
 	8	TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][Goodput ratio: 48/88][0.92 sec][ALPN: http/1.1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 93/53 185/189 87/84][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 133/560 433/1514 111/605][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Firefox][Plen Bins: 18,0,0,9,0,9,0,0,18,0,0,9,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0]
diff --git a/tests/result/vnc.pcap.out b/tests/result/vnc.pcap.out
index a3f673dfd..070045594 100644
--- a/tests/result/vnc.pcap.out
+++ b/tests/result/vnc.pcap.out
@@ -1,4 +1,4 @@
 VNC	4551	329158	2
 
-	1	TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Desktop/File Sharing Session **][PLAIN TEXT (ws57U@4.00)][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 95.237.48.208:59791 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess/12][2485 pkts/199101 bytes <-> 1058 pkts/57444 bytes][Goodput ratio: 32/1][16.52 sec][bytes ratio: 0.552 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/10 841/845 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/54 89/88 5/3][Risk: ** Desktop/File Sharing Session **][Plen Bins: 88,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 95.237.48.208:51559 <-> 192.168.2.110:6900 [proto: 89/VNC][cat: RemoteAccess/12][684 pkts/54893 bytes <-> 324 pkts/17720 bytes][Goodput ratio: 32/1][4.15 sec][bytes ratio: 0.512 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/12 538/501 32/43][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 80/55 89/88 5/4][Risk: ** Desktop/File Sharing Session **][Plen Bins: 90,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out
index a4cfa536a..8945b12bc 100644
--- a/tests/result/webex.pcap.out
+++ b/tests/result/webex.pcap.out
@@ -11,7 +11,7 @@ JA3 Host Stats:
 
 
 	1	TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][Goodput ratio: 6/96][62.34 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 135/140 2165/2214 262/271][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 57/1282 528/29696 36/3035][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,1,2,0,63,3,1,1,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,4,0,0,0,15]
-	2	TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (MBkIFO.webex.com)][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
+	2	TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][Goodput ratio: 68/99][2.76 sec][bytes ratio: -0.912 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 112/101 455/404 117/100][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 172/3746 590/18020 206/4700][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Firefox][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,3,0,0,3,0,0,3,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,45]
 	3	TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][Goodput ratio: 77/97][5.52 sec][bytes ratio: -0.750 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/138 1189/1223 220/218][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 240/1717 590/17734 233/3587][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: radcom.webex.com][JA3C: f9010d8c34749bdf7659b52227e6f91b][ServerNames: *.webex.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Firefox][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 0,2,4,0,0,0,2,0,4,2,0,0,0,2,4,2,24,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,22,0,0,0,0,24]
 	4	TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][Goodput ratio: 48/97][2.62 sec][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 144/154 1031/979 260/240][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 106/2130 590/8901 135/2682][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,0,0,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,34]
 	5	TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/TLS.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][Goodput ratio: 56/98][3.76 sec][bytes ratio: -0.915 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/5 383/399 1876/1875 577/571][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 128/2863 528/14373 150/4304][Risk: ** Obsolete TLS version (< 1.1) **** Weak TLS cipher **][TLSv1][JA3C: 7cb93b2404a98399e9f84c74fef1fb8f][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6 (WEAK)][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,18,0,0,9,9,0,0,0,0,9,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,45]
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index 8c05061d1..1780823b8 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -17,7 +17,7 @@ JA3 Host Stats:
 
 	1	UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][186 pkts/27025 bytes <-> 278 pkts/25895 bytes][Goodput ratio: 71/55][9.73 sec][bytes ratio: 0.021 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/33 198/347 51/47][Pkt Len c2s/s2c min/avg/max/stddev: 68/64 145/93 525/488 100/64][Risk: ** Known protocol on non standard port **][PLAIN TEXT (zTdFPOk)][Plen Bins: 24,37,19,5,0,1,1,0,3,3,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 78.45/STUN.WhatsAppCall][cat: VoIP/10][141 pkts/17530 bytes <-> 57 pkts/12888 bytes][Goodput ratio: 66/81][7.74 sec][bytes ratio: 0.153 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/124 307/539 63/96][Pkt Len c2s/s2c min/avg/max/stddev: 65/68 124/226 484/552 75/128][Risk: ** Known protocol on non standard port **][Plen Bins: 9,34,26,10,4,1,2,3,1,1,1,2,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][Goodput ratio: 86/80][34.28 sec][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/108 1665/1391 340/319][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 406/276 1494/1002 489/348][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][PLAIN TEXT (CeQijUunes.apple.com)][Plen Bins: 4,8,4,0,0,0,0,4,0,0,16,0,0,0,8,8,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
+	3	TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][Goodput ratio: 86/80][34.28 sec][bytes ratio: 0.281 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 122/108 1665/1391 340/319][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 406/276 1494/1002 489/348][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 4,8,4,0,0,0,0,4,0,0,16,0,0,0,8,8,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]
 	4	TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/TLS.Apple][cat: Web/5][21 pkts/7644 bytes <-> 17 pkts/9576 bytes][Goodput ratio: 85/90][32.84 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1909/37 30435/294 7133/82][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 364/563 1494/1494 553/634][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: query.ess.apple.com][JA3C: 799135475da362592a4be9199d258726][ServerNames: *.ess.apple.com][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Issuer: CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US][Subject: CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US][Certificate SHA-1: BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B][Validity: 2015-05-06 01:09:47 - 2016-06-04 01:09:47][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 5,11,0,11,0,5,0,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,45,0,0]
 	5	TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/TLS.Apple][cat: Web/5][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][Goodput ratio: 85/77][0.94 sec][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 36/42 225/228 76/81][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 363/236 1494/1002 464/321][Risk: ** TLS (probably) not carrying HTTPS **][TLSv1.2][Client: p53-buy.itunes.apple.com][JA3C: 799135475da362592a4be9199d258726][JA3S: c253ec3ad88e42f8da4032682892f9a0 (INSECURE)][Cipher: TLS_RSA_WITH_RC4_128_MD5][Plen Bins: 6,13,6,0,0,0,0,6,0,0,13,0,0,0,6,6,0,13,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0]
 	6	TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 238.140/ApplePush.Apple][cat: Cloud/13][11 pkts/4732 bytes <-> 11 pkts/1194 bytes][Goodput ratio: 85/39][125.45 sec][bytes ratio: 0.597 (Upload)][IAT c2s/s2c min/avg/max/stddev: 53/0 12860/12856 101116/101113 33359/33359][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 430/109 1506/300 467/83][PLAIN TEXT (yfV.nY)][Plen Bins: 0,9,36,0,0,0,9,9,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0]
diff --git a/tests/result/wireguard.pcap.out b/tests/result/wireguard.pcap.out
index e236f2d74..ac0bfc506 100644
--- a/tests/result/wireguard.pcap.out
+++ b/tests/result/wireguard.pcap.out
@@ -1,3 +1,3 @@
 WireGuard	2399	734182	1
 
-	1	UDP 139.162.192.157:51820 <-> 192.168.0.14:36116 [proto: 206/WireGuard][cat: VPN/2][1362 pkts/518526 bytes <-> 1037 pkts/215656 bytes][Goodput ratio: 89/80][381.21 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 269/314 10882/13538 1111/1204][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 381/208 1404/1404 362/135][PLAIN TEXT (RJxM17)][Plen Bins: 0,0,0,35,43,5,2,0,6,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
+	1	UDP 139.162.192.157:51820 <-> 192.168.0.14:36116 [proto: 206/WireGuard][cat: VPN/2][1362 pkts/518526 bytes <-> 1037 pkts/215656 bytes][Goodput ratio: 89/80][381.21 sec][bytes ratio: 0.413 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 269/314 10882/13538 1111/1204][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 381/208 1404/1404 362/135][Plen Bins: 0,0,0,35,43,5,2,0,6,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]