Threat Feeds
Download confirmed IOCs in CSV, JSON, or plain text format. Each feed covers a distinct threat category and is updated continuously as new reports are confirmed.
About vspam.org threat feeds
vspam.org publishes curated threat intelligence feeds containing confirmed phishing URLs, malicious domains, abusive IP addresses, and spam sender email addresses. Feeds are regenerated every 15 minutes by a background worker and include only IOCs that have reached community confirmation through trust-weighted voting.
Available formats
- STIX 2.1 — structured threat intelligence bundles compatible with TAXII 2.1 clients and SIEM platforms.
- CSV — comma-separated values with IOC value, type, confidence score, and first-seen timestamp.
- JSON — machine-readable format for custom integrations and scripting.
- Plain text — one IOC per line, suitable for blocklist ingestion by firewalls and mail filters.
Licensing
Feeds are free for non-commercial use under CC0. Commercial redistribution requires a commercial license. For automated feed consumption, see the API documentation or connect via TAXII 2.1.