Intelligence Database  ·  40+ Validated Sources

Threat Intelligence
at Enterprise Scale

OneFirewall Alliance integrates 40+ reliable threat intelligence sources, delivering real-time data on malicious IPs, domains, URLs, and file hashes — enriched, scored, and enforcement-ready for your firewalls, IPS, WAF, and SIEM.

Speak with OneFirewall Start a PoV
40+ Sources Real-Time Updates 168% Critical Growth Confidence Scored
IPv4 / CIDR Domains URLs ALLIANCE DATABASE 40+ sources Firewall WAF / IPS SIEM
40+Validated sources
168%Critical-risk entry growth
61%Medium-risk growth
1.5M+IPs from single source
0.1–0.9Confidence score range
4Threat data types

What the Intelligence Covers

Four data types, continuously updated from diverse global sources — each with confidence scoring and threshold management to prevent overload while prioritising the highest-risk indicators.

🌐

Malicious IP Addresses

IPv4 addresses and CIDR ranges confirmed as attack sources — C2 servers, TOR exit nodes, botnet infrastructure, and brute-force origins. Over 1.5M unique IPs from a single validated source alone.

🏢

Domain Blocklists

Malicious domains used for phishing, malware distribution, DNS tunnelling, and command-and-control. Domain-specific blocklists with source-calibrated confidence scoring (0.1–0.9).

🔗

Malicious URLs

Precise URL-level threat intelligence — not just domains — enabling web proxies, WAFs, and secure web gateways to block specific malicious endpoints while allowing legitimate traffic.

📄

File Hashes (MD5, SHA256)

Known malware file signatures from sandbox analysis and alliance member submissions. Supports MD5, SHA1, SHA256, and filename indicators for endpoint and email security enforcement.

Database Growth & Source Quality

The Alliance continually evaluates and adds new intelligence sources through a rigorous process: broad research, targeted evaluation, cross-referencing with existing feeds, and consistency validation over time. New sources are assigned initial confidence scores of approximately 0.2 and recalibrated as accuracy is demonstrated.

Critical-risk entries+168%
Medium-risk entries+61%
High-risk entries+46%
Low-risk entries+17%
GET /api/v1/feed/ips?score=190
# Response: enforcement-ready IP list
{
  "generated_at": "2026-02-19T10:00:00Z",
  "threshold":    190,
  "count":        1847293,
  "entries": [
    {
      "ip":         "185.220.101.45",
      "score":      847,
      "confidence": 0.94,
      "tags":       ["tor-exit", "brute-force"]
    },
    // ... 1.8M+ more entries
  ]
}

Access the Full Intelligence Database

Connect your firewalls, WAF, and SIEM to 40+ continuously updated intelligence sources — scored, enriched, and enforcement-ready. Speak with our team to start a Proof of Value.

Speak with OneFirewall Organize a Proof of Value