RANDOMDOMAIN - Random Domain Name
- Last Updated: April 5, 2026
- Flowmon Anomaly Detection System
Method description
A method for detecting random domain names, that is, algorithmically generated names that typically contain unusual character sequences (for example eqc49iqcxnvmzj26h24cyf22h44atnzisc29pu.com). The method analyzes multiple properties of the second-level domain name and, from the weighted values of these properties, calculates the probability that a random domain name pattern is being used.
This method consists of the following sub-method:
- General: Reports the usage of the random domain name in the network.
Method configuration
It is recommended to apply this method to all communication of the IP addresses in the monitored network. The recommended monitoring point is a central switch or the Internet uplink.
Method parameters
- Protocols: Allows you to specify protocols on which the detection of random domains should be enabled. The current options are DNS and HTTP(S).
This method can be tuned by using the False positive rules. These rules define random domains that should not generate an event (using the field Hostname in the section Advanced filtering parameters). For more information, see the chapter False Positives.
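A simplified scorer of the kind the Method description outlines, added here as an illustration (not Flowmon's implementation): it computes several properties of the second-level label, combines them with weights into a probability, and applies a hostname allowlist in the role of the False positive rules described above. The weights, bias, threshold and sample log lines are assumed values constructed for the example.

```python
import math
import re
VOWELS = set("aeiou")
# Assumed, illustrative weights (not the product's); negative ones argue against randomness.
WEIGHTS = {"length": 0.15, "entropy": 1.2, "digit_ratio": 3.0,
           "vowel_ratio": -4.0, "consonant_run": 0.5}

def second_level_label(hostname):
    """Naive second-level label: the label just before the TLD."""
    labels = hostname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def entropy(s):
    """Shannon entropy of the string in bits per character."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def features(label):
    """Properties of one label that the weighted score combines."""
    letters = [c for c in label if c.isalpha()]
    runs = re.findall(r"[b-df-hj-np-tv-z]+", label)  # digits break a run
    return {"length": len(label),
            "entropy": entropy(label),
            "digit_ratio": sum(c.isdigit() for c in label) / len(label),
            "vowel_ratio": sum(c in VOWELS for c in letters) / max(len(letters), 1),
            "consonant_run": max((len(r) for r in runs), default=0)}

def random_probability(hostname):
    """Weighted sum of the properties (plus an assumed bias), squashed to 0..1."""
    f = features(second_level_label(hostname))
    score = -5.0 + sum(w * f[k] for k, w in WEIGHTS.items())
    return 1.0 / (1.0 + math.exp(-score))

def detect(log_lines, allowlist=(), threshold=0.7):
    """Return (src_ip, hostname, probability) for queries scoring above the
    threshold; hostnames matched by a False positive rule are skipped."""
    events = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2 or parts[1] in allowlist:
            continue  # malformed line, or covered by a False positive rule
        p = random_probability(parts[1])
        if p >= threshold:
            events.append((parts[0], parts[1], round(p, 3)))
    return events
# Constructed sample DNS queries: "<source IP> <queried hostname>".
SAMPLE_LOG = ["10.0.0.5 eqc49iqcxnvmzj26h24cyf22h44atnzisc29pu.com",
              "10.0.0.7 mail.google.com",
              "10.0.0.9 k3qzx9vtp2.net"]  # constructed, allowlisted below
FALSE_POSITIVE_HOSTNAMES = {"k3qzx9vtp2.net"}
```

Running `detect(SAMPLE_LOG, allowlist=FALSE_POSITIVE_HOSTNAMES)` reports only the first query; the third scores as random too but is suppressed by the allowlist, which is exactly the effect of a False positive rule on the Hostname field.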
Assigned filter
The filter is used for restricting the source IP addresses.
Interpretation of results
This detection method detects random domain names used in network communication, which can indicate that devices infected by malware are communicating with a command and control (C2) server.