Web cluster warninglists

[ater49]

With passive DNS data of CIRCL, it could be possible to determine which IP are used by a large number of hostname like in a Web cluster.

Could it be possible to extract these data in order to create an IP Warninglist ?

[adulau]

Indeed, we could generate list of IP addresses associated to a lot of domains/hostname (>10000 records). It's a good idea. I need to check how to do in the Passive DNS database.