diff --git a/bgpranking/parsers/abusech_threatfox.py b/bgpranking/parsers/abusech_threatfox.py
new file mode 100644
index 0000000..e6c3341
--- /dev/null
+++ b/bgpranking/parsers/abusech_threatfox.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import json
+
+from io import BytesIO
+from typing import List
+
+
+def parse_raw_file(self, f: BytesIO) -> List[str]:
+ to_return = []
+ for entry in json.loads(f.getvalue().decode()).values():
+ ip_port = entry[0]['ioc_value']
+ to_return.append(ip_port.split(':')[0])
+ return to_return
diff --git a/config/modules/RansomwareIPBlockList.json b/config/modules/RansomwareIPBlockList.json
deleted file mode 100644
index e2374b0..0000000
--- a/config/modules/RansomwareIPBlockList.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "url": "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt",
- "vendor": "ransomwaretracker",
- "name": "ipblocklist",
- "impact": 7,
- "parser": ".parsers.abusech"
-}
diff --git a/config/modules/SSLBlacklist.json b/config/modules/SSLBlacklist.json
new file mode 100644
index 0000000..8d90bf1
--- /dev/null
+++ b/config/modules/SSLBlacklist.json
@@ -0,0 +1,7 @@
+{
+ "url": "https://sslbl.abuse.ch/blacklist/sslipblacklist.txt",
+ "vendor": "abuse.ch",
+ "name": "blacklist",
+ "impact": 7,
+ "parser": ".parsers.abusech"
+}
diff --git a/config/modules/ThreatFoxIOC.json b/config/modules/ThreatFoxIOC.json
new file mode 100644
index 0000000..bf494be
--- /dev/null
+++ b/config/modules/ThreatFoxIOC.json
@@ -0,0 +1,7 @@
+{
+ "url": "https://threatfox.abuse.ch/export/json/ip-port/recent/",
+ "vendor": "abuse.ch",
+ "name": "threatfox",
+ "impact": 5,
+ "parser": ".parsers.abusech_threatfox"
+}
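Review bot: The values that `parse_raw_file` (bgpranking/parsers/abusech_threatfox.py) takes from the remote feed are appended without any check that they are IP addresses, so whatever `ioc_value` holds before its first `:` goes into the returned list. A payload with a different shape (an empty list, a missing key, an error object) raises out of the loop and aborts the whole parse. `split(':')[0]` would also cut a bracketed IPv6 `[addr]:port` value at its first colon, should the export ever carry one. I would validate each candidate with `ipaddress.ip_address` (this needs `import ipaddress` next to the existing imports) and skip records that do not parse, as sketched below. Only `entry[0]` is read, so if an entry can list more than one record the rest are silently dropped; a comment saying whether that is intended would help, along with a docstring describing the expected JSON shape.

```python
    for entry in json.loads(f.getvalue().decode()).values():
        try:
            # ioc_value is expected to be "ip:port"; rsplit keeps a bracketed IPv6 host intact
            host = entry[0]['ioc_value'].rsplit(':', 1)[0].strip('[]')
            ipaddress.ip_address(host)
        except (AttributeError, IndexError, KeyError, TypeError, ValueError):
            # malformed or unexpected record: skip it rather than abort the whole feed
            continue
        to_return.append(host)
    # … unchanged: return to_return …
```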