Splunk ES threat feeds empty

Splunk Enterprise Security

Hello guys, since 08/20/2025 we have issues in ES downloading these feeds from Splunk servers. When we try with curl then it doesn't return any data. No error. We use proxy.

Thanks for your help!

phishtank	https://data.phishtank.com/data/online-valid.csv.gz
iblocklist_piratebay	https://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb
iblocklist_web_attacker	https://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag
iblocklist_tor	https://list.iblocklist.com/?list=tor
iblocklist_logmein	https://list.iblocklist.com/?list=logmein
iblocklist_proxy	https://list.iblocklist.com/?list=bt_proxy
iblocklist_rapidshare	https://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw
mozilla_public_suffix_list	https://publicsuffix.org/list/effective_tld_names.dat

* If this helps, please upvote or accept solution if it solved *

Get Updates on the Splunk Community!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...