Explore OpenCTI or OpenAEV platform with 30 days Free Trial!
XTM Hub by FiligranSign In
Abuse SSL (Deprecated) logo

Abuse SSL (Deprecated)

Verified
Open Source Threat Intel

Overview

The connector uses the an Abuse-ssl csv file that lists botnet ips detected based on certain ssl signatures An SSL certificate can be associated with one or more servers (IP address:port combination). SSLBL collects IP addresses that are running with

The connector uses the an Abuse-ssl csv file that lists botnet ips detected based on certain ssl signatures An SSL certificate can be associated with one or more servers (IP address:port combination). SSLBL collects IP addresses that are running with an SSL certificate blacklisted on SSLBL. These are usually botnet Command&Control servers (C&C). SSLBL hence publishes a blacklist containing these IPs which can be used to detect botnet C2 traffic from infected machines towards the internet, leaving your network. The CSV format is useful if you want to process the blacklisted IP addresses further, e.g. loading them into your SIEM or CTI (or both, don't be shy).

Basic information

Abuse SSL (Deprecated)
Connectors
External import
6.8.13
7

    We use cookies to make the XTM Hub work, understand how it's used, and improve your experience. Strictly necessary cookies are always on. With your consent, we also use optional cookies for functionality, performance and analytics, and marketing. You can accept all, reject all, or choose which optional cookies to allow. You can change your preferences at any time via "Cookie settings". See our Cookie Policy for more information.