About

The SSL Blacklist (SSLBL) is a project operated by abuse.ch. The purpose of the project is:

• Collect SSL certificates (SHA1 fingerprints) associated with botnet Command&Control servers (C&Cs)
• SSL/TLS client fingerprints (JA3 fingerprints) associated with malware

Any data offered here is available for free (see Terms of Services), helping network administrators and security analysts to protect their network and customers from botnets.

If you are a vendor you may use data from SSLBL for both, commercical and non-commercial purpose without any limitation (see Terms of Services). If you need a customized format, feel free to get in contact with us using the Spamhaus Technology contact form:
https://www.spamhaus.com/#contact-form

SSLBL offers the following feeds:

• Malicious SSL Certificates (SHA1 fingerprints)
• Malware SSL/TLS client fingerprints (JA3 fingerprints)
• Botnet C2 IP address:port combination associated with malicious SSL certificates