To avoid blacklisting, hackers have to frequently change domain names of their malware distributing websites. One ongoing (as of January 2012) attack injects encrypted scripts into webpages on compromised sites. Rather than regularly updating the script to use new links to malware sites, those scripts use Twitter API (trends) and a clever algorithm to generate new pseudo-random domain names of attack sites on the fly. To generate the domain names hackers use trending topics that were hot on Twitter two days ago. Domain names change every 6 hours. Read more...

This real-time tool generates 4 domain names that the attack uses today and predicts 4 domain names that will be used tomorrow (GMT time zone).

This generator is based on the algorithm extracted from a malicious script that was found on a compromised website in January, 2012. It should work correctly for as long as hackers don't change the algorithm.

To see the JavaScript code of the algorithm, check the source code of this page.