Industry-Leading Protection From Compromised Websites & Malicious Threats

Malicious website detection is a critical capability for service providers, businesses and network security vendors. Real-time identification of URLs and IPs associated with viruses, malware, and other forms of harmful programs enables you to block traffic to/from those destinations and thus avoid potential harm to your system. The zvelo malicious URL database—offered as part of the zveloDB™ URL Database or separately—offers easy integration through an API or data feed for use with firewalls, routers, proxies, or other systems for a safer Internet.

Check out our Glossary of Network Security, Malicious Threats, and Common Computer Definitions.

Malicious Website Detection and Protection

The Comprehensive Malicious URL Dataset for your Network Security Solution

With our malicious URL dataset, threats and exploits are detected at the domain, full-path, or page-level. This includes malware, phishing, fraud, botnets, and spyware. zvelo analyzes billions of URLs and ad impressions daily by combining static analysis, behavioral analysis, 3rd party industry feeds, and human-supervised machine learning to deliver the most extensive malicious website detection.

zvelo uses an integrative multi-vector approach, built on in-house analysis, that combines the following methods:

  • Honeypot infrastructure
  • Bot detection infrastructure
  • In-house and 3rd party tools
  • Human supervised/validated Machine Learning
  • Link analysis
  • Content analysis
  • Static profile and heuristic analysis
  • Behavioral analysis (sandboxing)
  • 3rd party industry feeds

Malicious Detection Use Cases

Our malicious detection supports a wide range of applications and use cases for OEM Network Security solutions. Detecting malicious URLs is critical to protecting users from visiting compromised websites.

Typical use cases for integrating malicious website detection with our malicious URL dataset, enabling filtering or blocking of traffic to or from sites, pages, or IPs detected as malicious, phishing, fraud, botnet, or some other exploit, include:

  • Endpoint Security
  • Firewalls, Gateways, and other UTM Devices
  • Routers and Proxies
  • Web Filtering and Parental Controls
  • CASBs & MSSPs

Industry-Leading Accuracy over 99% of the ActiveWeb

Accuracy & Effectiveness

The zveloLABS team continuously samples malicious detections to profile, test, and validate them. These results are then used to feed/train the supervised Machine Learning systems and to adjust or tune the efficiency, accuracy, and overall effectiveness of malicious detections using internal key performance indicators, while maintaining low false positive rates by incorporating our malicious URL dataset into your solution.


Comprehensive Malicious Detection Coverage

Using traffic from over 650 million users and billions of ad impressions daily, zvelo provides comprehensive malicious detection from a broad range of threat vectors. View the zvelo Global Cyber Threat Map with a recent sampling of malicious threats including a density heatmap and recent malicious detections.

Highly Granular 500 Categories

Granular Detections

Our malicious website detection identifies threats by vector at the URL, IP, and page level: malware, malware distribution, phishing, fraud, botnets, and emerging exploits.


Multiple Integration Options

From endpoint security to perimeter security to UTM vendors to hosted security providers, zvelo covers the broadest spectrum of flexible and easy-to-integrate deployment options including cloud-based API, a local SDK, or as a raw data stream.

Continuous Real-Time SDK Updates & Protection

Continuous Updates for the Dynamic Web

New malicious detections from billions of daily transactions are available immediately for querying via an API or direct ingestion into systems and servers.

Page Level Detection & Accuracy | Full Path

Page-Level Detections

Malicious detections are made at the domain, sub-domain, full-path and page level, ensuring comprehensive detection of the most critical exploits and dangerous sites, enabling you to provide page-level protection for your users and applications.

10 Types of Malicious Categories

Using advanced artificial intelligence and machine learning techniques, our categorization engines are able to detect the following malicious exploits:

Ad Fraud

Sites that are being used to commit fraudulent online display advertising transactions using ad impression boosting techniques including, but not limited to, ad stacking, iframe stuffing, and hidden ads. Also includes sites that have high non-human web traffic with rapid, large, and unexplained changes in traffic.


Web pages that impersonate other web pages, usually with the intent of stealing passwords, credit card numbers, or other information. Also includes web pages that are part of scams such as a "419" scam, where a person is convinced to hand over money with the expectation of a big payback that never comes. Examples: con, hoax, scam, etc.

Spyware & Questionable Software

Software that reports information back to a central server such as spyware or keystroke loggers. Also includes software that may have legitimate purposes, but some people may object to having on their system.

Compromised & Links To Malware

Compromised web pages are pages that appear to be legitimate, but house malicious code or link to malicious websites hosting malware. These sites have been compromised by someone other than the site owner. If Firefox blocks a site as malicious, use this category. Examples: defaced, "hacked by", etc.

Malware Distribution Point

Web pages that host viruses, exploits, and other malware are considered Malware Distribution Points. Web Analysts may use this category if their anti-virus program triggers on a particular website.

Cryptocurrency Mining

Websites that use cryptocurrency mining (“cryptojacking”) technology without seeking the user’s permission.

Malware Call-Home

When viruses and spyware report information back to a particular URL or check a URL for updates, this is considered a malware call-home address.


Bots are compromised machines running software that is used by hackers to send spam, phishing attacks, and denial of service attacks.

Command and Control Centers

Internet servers used to send commands to infected machines called bots.

Spam URLs

URLs that frequently occur in spam messages.


Real-Time Threat Intelligence For Network Security Vendors & Router/Gateway Manufacturers

zvelo’s crowd-sourced approach to obtaining a constant stream of URLs for analysis enables us to continuously analyze the ActiveWeb for malicious and compromised sites. This includes a network of approximately 650 million end users and growing. Learn about how our AI-powered systems leverage machine learning, static and heuristic techniques, and third-party feeds to provide the industry’s leading malicious detection capabilities.
