The SSL Blacklist (SSLBL) is a project operated by abuse.ch. The purpose of the project is:
- Collect SSL certificates (SHA1 fingerprints) associated with botnet Command&Control servers (C&Cs)
- SSL/TLS client fingerprints (JA3 fingerprints) associated with malware
Any data offered here is available for free (see Terms of Services), helping network administrators and security analysts to protect their network and customers from botnets.
If you are a vendor you may use data from SSLBL for both, commercical and non-commercial purpose without any limitation (see Terms of Services). If you need a customized format, there is the possibility to get one. If you wish to do so, please contact me under coSntacPtAmeM@abuse.ch (remove all capital letters).
SSLBL offers the following feeds:
- Malicious SSL Certificates (SHA1 fingerprints)
- Malware SSL/TLS client fingerprints (JA3 fingerprints)
- Botnet C2 IP address:port combination associated with malicious SSL certificates