zvelo’s View of the Web
zvelo provides the industry’s most accurate and comprehensive web content classification and threat detection services for the ActiveWeb. As we continue to make strides towards our mission to make the internet safer and more secure, we are expanding our malicious and phishing detection capabilities to explore suspicious activity outside of the ActiveWeb to include what we call the ProActiveWeb. This post explores zvelo’s view of the web.
At the highest level, the internet can be broken down into the SurfaceWeb and the HiddenWeb. Simply put, the SurfaceWeb is everything which is publicly accessible and the HiddenWeb is everything else that is hidden or inaccessible to the public.
The Surface Web, also called the Visible Web or Indexable Web, is basically the collection of public web sites and pages which can be indexed by search engines. The Surface Web is made up of all the different sites we use on a daily basis and are accessible through standard web browsers like Google Chrome, Mozilla FireFox, Microsoft Edge, etc. Our zveloDB and zveloCAT services are focused on the content classification and malicious detection of the SurfaceWeb.
One question we are frequently asked is, “What is the ActiveWeb?” The ActiveWeb is how zvelo refers to the websites that comprise the publicly-accessible SurfaceWeb. To provide a safe and secure internet experience, zvelo focused on classifying these sites for content, malware, phishing, adult and other content, which is licensed to partners on a data subscription model. Partners integrate the data in applications ranging from web filtering to parental controls to contextual targeting to DNS filtering, and more. The 600+ million users represented by zvelo’s partners provide a continuous stream of new ActiveWeb domains for classification and malicious detection, resulting in zvelo having over 99.9% coverage of the ActiveWeb on an ongoing basis.
While the first segment of the web is just the tip of the iceberg, the HiddenWeb makes up the vast majority of the internet. This is the portion of the internet which is not publicly accessible and is unable to be indexed by search engines such as Google, Bing, Yahoo, etc. The HiddenWeb is the zone where zvelo’s ProActiveWeb looks for signals coming from the InActiveWeb, DeepWeb and DarkWeb segments to protect its network of hundreds of millions of end users up in the SurfaceWeb zone.
The ProActiveWeb is a segment which is a precursor to sites becoming part of the ActiveWeb. Our zveloCTI service is focused on detecting and analyzing the ProActiveWeb for threats and suspicious activity proactively before they become part of the ActiveWeb. Think of this as the “pre-history” of the ActiveWeb. zvelo actively monitors signals from the ProActiveWeb like Top Level Domain (TLD) registration activity and a range of signals using predictive threat intelligence insights to detect threats before they become part of the ActiveWeb, providing partners with unique insights and a competitive edge in their respective markets.
The InActiveWeb is made up of all the websites which are expired or have an unreachable status. Over time, legitimate websites may become inactive because they are no longer used, the business no longer exists, or the domain name registration simply expired. The InActiveWeb also includes sites which were flagged as malicious or phishing and have been taken down by law enforcement. This particular segment is unique because, while it’s not inherently dangerous, this is where the Malicious Cyber Actors (MCAs) carve a path into the ActiveWeb. As zvelo moves these domains to the InActiveWeb they are still tracked in case they become active again.
The DeepWeb is frequently, and mistakenly, conflated with the DarkWeb but there is an important distinction between the two. The DeepWeb is not necessarily dangerous as there are numerous reasons for sites and site content to remain hidden from public view. The content of the DeepWeb can be located and accessed by a direct URL or IP address, but may require a password or other security access to get past public-website pages. Sites like internal business portals, intranets, paywall enshrouded sites, password protected members-only sites, personal account details — These are all examples of legitimate sites which exist as part of the DeepWeb.
The DarkWeb is the portion of the HiddenWeb which is intentionally hidden to mask nefarious activity and is inaccessible through standard browsers and methods. Access to the DarkWeb requires using special software like Tor which enables a fully anonymized browsing experience for internet privacy. The DarkWeb contains entire malicious ecosystems where malicious actors sell malware, trade techniques and share intelligence on how to commit cybercrimes, and sell data like stolen identities, credit and debit card information, and data obtained through data breaches. Law enforcement and cybersecurity researchers often attempt to gain access to these DarkWeb sites through undercover operations to monitor malicious activity that is normally hidden from the SurfaceWeb.
There are more than 1.5 billion websites on the internet today. The status of these billions of websites can change dramatically from one minute to the next, with URLs moving from Proactive to Active to Inactive to Hidden. Given the rate at which phishing and other malicious activities have increased recently, it’s now more critical than ever to expand what we see as the ProActiveWeb to stop malicious or suspicious sites before they become active.