IPQS IP Address Abuse Feed is a threat intelligence service that provides daily CSV files containing malicious IP addresses with detailed abuse classifications. The feed identifies specific malicious activities including bot attacks, denial of service attempts, credential stuffing, port scans, and password brute force attempts. The service delivers nightly refreshed data that can be imported into SIEM platforms, internal detection engines, or custom risk scoring systems. Each record includes IP addresses, attack classifications, timestamps, malware samples, and metadata related to abusive behavior. Organizations can request up to seven days of abuse records per download for audits and investigations. The feed includes detection of traffic from anonymous proxies, VPN services, and proxy servers through integration with the IPQS proxy detection database. Files are delivered via HTTPS encryption and can be analyzed locally without requiring real-time API dependencies. The data supports identification of suspicious IP addresses, fraudulent activity patterns, and helps organizations maintain blocklists. The feed provides context beyond basic IP reputation scoring by linking specific abusive behaviors to IP addresses, enabling security teams to reduce false positives and build detection rules based on observed malicious activity.