Torpig botnet uses Twitter API (trends) to generate new pseudo-random domain names of attack sites where infected websites silently redirect visitors to. Active domain names change at least twice a day. Read more...

This real-time tool generates a domain name of the currently active attack site and two domain names that hackers should activate in upcoming 24 hours.

This generator is based on the algorithm extracted for a malicious script that was found on a compromised website in the beginning of December, 2009. It should work correctly for as long as hackers don't change the algorithm.