I noticed that this IP Blocklist is gone as well:
#################################################################
# abuse.ch SSLBL Botnet C2 IP Blacklist (IPs only) - Aggressive #
# Last updated: 2025-01-03 11:30:00 UTC #
# #
# Terms Of Use: https://sslbl.abuse.ch/blacklist/ #
# For questions please contact sslbl [at] abuse.ch #
#################################################################
#
# DstIP
#
# ATTENTION: This list has been deprecated on 2025-01-03
#
Including the Suricata IP ruleset:
################################################################
# abuse.ch SSLBL Snort / Suricata Botnet C2 IP Ruleset #
# Last updated: 2025-01-03 11:30:00 UTC #
# #
# Terms Of Use: https://sslbl.abuse.ch/blacklist/ #
# For questions please contact sslbl [at] abuse.ch #
################################################################
#
# ATTENTION: This list has been deprecated on 2025-01-03
#
and including the RPZ list:
$TTL 30
@ SOA rpz.sslbl.abuse.ch. hostmaster.sslbl.abuse.ch. 2504052318 3600 1800 604800 30
NS localhost.
;
; abuse.ch SSLBL Response Policy Zones (RPZ)
;
; Terms Of Use: https://sslbl.abuse.ch/blacklist/
; For questions please contact sslbl [at] abuse.ch
;
; ATTENTION: This RPZ feed has been deprecated on 2025-02-28
The certificate ruleset is still being updated though:
################################################################
# abuse.ch Suricata IDS SSL Certificate Ruleset #
# For Suricata 1.4 or newer #
# Last updated: 2025-04-06 05:28:01 UTC #
# #
# Terms Of Use: https://sslbl.abuse.ch/blacklist/ #
# For questions please contact sslbl [at] abuse.ch #
################################################################
#
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Shylock C&C)"; tls.fingerprint:"b0:8a:49:39:fb:88:f3:75:a2:75:7e:ad:dc:47:b1:fb:8b:55:44:39";
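
A consumer of these feeds can catch this condition automatically instead of silently loading an empty list. The following is an added example, not part of the original post and not abuse.ch code: it reads the banner comments shown above and classifies a downloaded feed. The function name `inspect_feed`, the 7-day staleness threshold and the sample rule line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Banner patterns as they appear in the feed headers quoted above.
DEPRECATED = re.compile(r"ATTENTION: This .+? has been deprecated on (\d{4}-\d{2}-\d{2})")
UPDATED = re.compile(r"Last updated: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC")
ZONE_BOILERPLATE = ("$TTL", "@", "NS ", "SOA ")  # RPZ lines that are not policy entries

def inspect_feed(text, now, max_age=timedelta(days=7)):
    """Classify a downloaded feed as deprecated, stale, empty or ok."""
    deprecated_on, last_updated, entries = None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in "#;":  # '#' in the IP/Suricata lists, ';' in the RPZ zone
            if m := DEPRECATED.search(line):
                deprecated_on = m.group(1)
            if m := UPDATED.search(line):
                last_updated = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
        elif not line.startswith(ZONE_BOILERPLATE):
            entries += 1  # anything else is an IP, a rule or an RPZ record
    stale = last_updated is not None and now - last_updated > max_age
    status = ("deprecated" if deprecated_on else "stale" if stale
              else "empty" if entries == 0 else "ok")
    return {"status": status, "deprecated_on": deprecated_on, "entries": entries}

# Banner lines copied from the post; the rule line is constructed (placeholder values).
IP_LIST = """# abuse.ch SSLBL Botnet C2 IP Blacklist (IPs only) - Aggressive #
# Last updated: 2025-01-03 11:30:00 UTC #
# DstIP
# ATTENTION: This list has been deprecated on 2025-01-03
"""
RPZ = """$TTL 30
@ SOA rpz.sslbl.abuse.ch. hostmaster.sslbl.abuse.ch. 2504052318 3600 1800 604800 30
 NS localhost.
; ATTENTION: This RPZ feed has been deprecated on 2025-02-28
"""
CERT_RULES = """# abuse.ch Suricata IDS SSL Certificate Ruleset #
# Last updated: 2025-04-06 05:28:01 UTC #
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed"; tls.fingerprint:"00:placeholder"; sid:1;)
"""

if __name__ == "__main__":
    now = datetime(2025, 4, 6, 12, 0, tzinfo=timezone.utc)  # constructed check time
    for name, feed in (("ip", IP_LIST), ("rpz", RPZ), ("cert", CERT_RULES)):
        print(name, inspect_feed(feed, now))
```

Running the check after each download lets the update job alert on `deprecated`, `stale` or `empty` rather than replacing a working blocklist with a header-only file.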