diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc
index 7d249fc9e9..bbd0ad1ef7 100644
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@@ -1214,7 +1214,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
 // perform a weak test to see if the string "HTTP/"
 // is found at the end of the RequestLine
 if ( strcasecmp_n(6, end_of_line - 9, " HTTP/") == 0 )
- goto evasion;
+ goto bad_http_request_with_version;
 goto error;
 }
@@ -1237,8 +1237,8 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
 return 1;
-evasion:
- reporter->Weird(Conn(), "possible_evasion_attempt");
+bad_http_request_with_version:
+ reporter->Weird(Conn(), "bad_HTTP_request_with_version_field");
 return 0;
 error:
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-evasion/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-bad-request-with-version/http.log
similarity index 100%
rename from testing/btest/Baseline/scripts.base.protocols.http.http-evasion/http.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-bad-request-with-version/http.log
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-evasion/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-bad-request-with-version/weird.log
similarity index 86%
rename from testing/btest/Baseline/scripts.base.protocols.http.http-evasion/weird.log
rename to testing/btest/Baseline/scripts.base.protocols.http.http-bad-request-with-version/weird.log
index 6b1cd809eb..c3eb78f0c7 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-evasion/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-bad-request-with-version/weird.log
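Review bot: The weird name emitted in the second hunk changes from `possible_evasion_attempt` to `bad_HTTP_request_with_version_field`, which is a visible interface change for any deployed policy keyed on the old string (Weird-framework actions or notice filtering that match on it will silently stop firing), and nothing in this diff records the rename, so it should be called out in the release notes with the old name listed as retired. With "evasion" gone from the label, a one-line comment at `bad_http_request_with_version:` would keep the intent readable, e.g. `// Request line failed the strict parse but still ends in " HTTP/"; report it apart from a plain bad_HTTP_request.` The `end_of_line - 9` read in the first hunk presumes the line is at least 9 bytes long; if the part of HTTP_RequestLine outside this hunk does not already guarantee that, the comparison can read before `line`, so it is worth confirming. HTTP_RequestLine starts and ends outside both hunks.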
@@ -6,5 +6,5 @@
 #open 2016-02-05-13-13-06
 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
 #types time string addr port addr port string string bool string
-1452204358.172926 CXWv6p3arKYeMETxOg 192.168.122.130 49157 202.7.177.41 80 possible_evasion_attempt - F bro
+1452204358.172926 CXWv6p3arKYeMETxOg 192.168.122.130 49157 202.7.177.41 80 bad_HTTP_request_with_version_field - F bro
 #close 2016-02-05-13-13-06
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
index 8b0efa1211..7d8d7f6938 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log
@@ -13,9 +13,9 @@
 1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro
 1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro
 1354328891.141058 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F bro
-1354328891.183942 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 possible_evasion_attempt - F bro
+1354328891.183942 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request_with_version_field - F bro
 1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro
-1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 possible_evasion_attempt - F bro
+1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request_with_version_field - F bro
 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro
 1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro
 1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro
diff --git a/testing/btest/Traces/http/http-evasion.trace b/testing/btest/Traces/http/http-bad-request-with-version.trace
similarity index 100%
rename from testing/btest/Traces/http/http-evasion.trace
rename to testing/btest/Traces/http/http-bad-request-with-version.trace
diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro
new file mode 100644
index 0000000000..f95196e8bd
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro
@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
+
diff --git a/testing/btest/scripts/base/protocols/http/http-evasion.bro b/testing/btest/scripts/base/protocols/http/http-evasion.bro
deleted file mode 100644
index 55e296a96d..0000000000
--- a/testing/btest/scripts/base/protocols/http/http-evasion.bro
+++ /dev/null
@@ -1,4 +0,0 @@
-# @TEST-EXEC: bro -Cr $TRACES/http/http-evasion.trace %INPUT
-# @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff weird.log
-