I added a new Threat Intelligence Download and in the Audit dashboard I can constantly see that the feed on "csv download starting" stage, it never proceeds further. The feed requires a api key which I added as a remote site user so it does proceed beyond the authentication phase. It is a csv feed which only downloads the domains so there should be not much of extraction required I believe.