What is Domain Generation Algorithm (DGA)?
A Domain Generation Algorithm (DGA) is malware logic that produces many possible domain names from a seed (date, counter, or shared secret). Infected hosts try to resolve those names until one is registered by the operator, creating a command-and-control (C2) channel that is hard to preemptively block.
Mechanics defenders watch for
Both sides share the seeding scheme. Each day or hour the malware generates a list, performs DNS lookups, and connects when a name resolves. Most names never exist (NXDOMAIN noise), which becomes a signal: one endpoint firing hundreds of random-looking queries is abnormal compared to a browser visiting known sites.
DGAs vary from high-entropy gibberish strings to dictionary blends that mimic legitimate brands. Some collide with popular names to slow simple blocking. Security stacks use lexical models, entropy scores, and DNS telemetry rather than static blacklists alone.
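The NXDOMAIN and entropy signals described above can be combined per endpoint. The following is an added example, not ClickPatrol code: the log format (`client qname rcode`), the sample lines, the function names, and the thresholds are all constructed assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log, one "client_ip qname rcode" per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.5 typo-exmaple.com NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.9 xk2qv9zlt7dpw3ha.net NXDOMAIN
10.0.0.9 p0wz8rjd4ncy1gqe.net NXDOMAIN
10.0.0.9 m3tbq7xhv2kd9sfl.net NXDOMAIN
10.0.0.9 c8yrn1wgz5jpe4ua.net NXDOMAIN
10.0.0.9 h6vdk0qsx9blt2mo.net NXDOMAIN
10.0.0.9 j4fze7apw1ncr5yg.net NXDOMAIN
"""

def shannon_entropy(s):
    """Bits per character of the label's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registrable_label(qname):
    """Label left of the TLD. Simplification: no public-suffix list is used."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def score_clients(log_text, min_entropy=3.5, min_len=10):
    """Per client: total queries, NXDOMAIN count, and high-entropy failed names."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "suspect": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, qname, rcode = fields
        s = stats[client]
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            label = registrable_label(qname)
            # Entropy misses dictionary-blend DGAs; those need a lexical model.
            if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
                s["suspect"].add(qname)
    return stats

def flag_clients(log_text, min_suspect=5):
    """Clients with at least min_suspect distinct random-looking failed lookups."""
    stats = score_clients(log_text)
    return sorted(c for c, s in stats.items() if len(s["suspect"]) >= min_suspect)
```

A single mistyped domain from `10.0.0.5` stays below both thresholds, while the burst of failed random-looking lookups from `10.0.0.9` is flagged.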
DGAs are malware infrastructure, not a consumer privacy tool. They overlap conceptually with other evasion tactics (fast flux, bulletproof hosting) but solve the “fixed C2 hostname” weakness of older bot families.
Connection to ad fraud and network abuse
DGA traffic itself is mostly an enterprise SOC problem, yet the same infected machines often participate in click spam, credential stuffing, or spam relays. A host talking to DGA domains should be treated as compromised until it is remediated. That endpoint might also generate invalid ad events or form spam, which ties into suspicious behavior models.
Publisher and advertiser teams rarely label traffic “DGA” in dashboards, but DNS security vendors feed “known malware domain generation” intelligence into broader IP and ASN reputation. Understanding DGAs explains why detection emphasizes behavior and not only static lists. For context on automated traffic classes, see types of bots and ad fraud basics.
Abisola
Meet Abisola! As the content manager at ClickPatrol, she’s the go-to expert on all things fake traffic. From bot clicks to ad fraud, Abisola knows how to spot, stop, and educate others about the sneaky tactics that inflate numbers but don’t bring real results.
