Malicious Website Detection for Network Security OEMs

Industry-Leading "White Label" Malicious Website Protection for your network security application or solution

The Comprehensive Malicious Detection for your Network Security Solution

With our malicious URL dataset, threats and exploits are detected at the domain, full-path, or page-level. This includes malware, phishing, fraud, botnets, and spyware. zvelo analyzes billions of URLs and ad impressions daily by combining static analysis, behavioral analysis, 3rd party industry feeds, and human-supervised machine learning to deliver the most extensive malicious website detection.

An integrative multi-vector approach using in-house analysis is used by zvelo that combines the following methods:

  • Honeypot infrastructure
  • Bot detection infrastructure
  • In-house and 3rd party tools
  • Human supervised/validated Machine Learning
  • Link analysis
  • Content analysis
  • Static profile and heuristic analysis
  • Behavioral analysis (sandboxing)
  • 3rd party industry feeds

Accuracy and Effectiveness

The zveloLABS team continuously samples malicious detections to profile, test and validate malicious detections. These results are then used to feed/train the supervised Machine Learning systems and adjust or tune the efficiency, accuracy and overall effectiveness of malicious detections using internal key performance indicators while maintaining low false positive rates by incorporating our our malicious URL dataset into your solution.

Comprehensive Malicious Detection Coverage

Using traffic from over 500 million users and billions of ad impressions daily, zvelo provides comprehensive malicious detection from a broad range of threat vectors. View the zvelo Global Cyber Threat Map with a recent sampling of malicious threats including a density heatmap and recent malicious detections.

Granular Detections

Our malicious website detection identifies by threat vector at the URL, IP, and page-level – malware, malware distribution, phishing, fraud, botnets, and emerging exploits.

Multiple Integration Options

From endpoint security to perimeter security to UTM vendors to hosted security providers, zvelo covers the broadest spectrum of flexible and easy-to-integrate deployment options including cloud-based API, a local SDK, or as a raw data stream.

Continuous Updates for the Dynamic Web

New malicious detections from billions of daily transactions are available immediately for querying via an API or direct ingestion into systems and servers.

Page-level Detection

Malicious detections are made at the domain, sub-domain, full-path and page level, ensuring comprehensive detection of the most critical exploits and dangerous sites, enabling you to provide page-level protection for your users and applications.

Malicious Detection Use Cases

Our malicious detection supports a wide range of applications and use cases for OEM Network Security solutions.

Some typical use cases for the integration of the malicious website detection offering with our malicious URL dataset, enabling filtering or blocking of traffic to or from sites, pages, or IPs detected as being malicious, phishing, fraud, botnet or some other exploit:

  • Endpoint Security
  • Firewalls and UTM Devices
  • Routers and Proxies
  • Web Filtering and Parental Controls
  • CASB

For a Sampling of Currently Identified Malicious Threats with Both Recent Detections and and a Density Heatmap of Malicious Detections

View Our Global Cyber Threat Map

Nine Types of Malicious Categories Utilized by the Detection Systems Offered by zvelo

Ad Fraud

Sites that are being used to commit fraudulent online display advertising transactions using different ad impression boosting techniques including but not limited to the following, ads stacking, iframe stuffing, and hidden ads. Sites that have high non-human web traffic and with rapid, large, and unexplained changes in traffic.
Bots are compromised machines running software that is used by hackers to send spam, phishing attacks, and denial of service attacks.

Command and Control Centers
Internet servers used to send commands to infected machines called bots.

Compromised & Links To Malware
Compromised web pages are pages that appear to be legitimate, but house malicious code or link to malicious websites hosting malware. These sites have been compromised by someone other than the site owner. If Firefox blocks a site as malicious, use this category. Examples are defaced, hacked by etc.

Malware Call-Home
When viruses and spyware report information back to a particular URL or check a URL for updates, this is considered a malware call-home address.

Malware Distribution Point
Web pages that host viruses, exploits, and other malware are considered Malware Distribution Points. Web Analysts may use this category if their anti-virus program triggers on a particular website.

Web pages that impersonate other web pages usually with the intent of stealing passwords, credit card numbers, or other information. Also includes web pages that are part of scams such as a “”419″” scam where a person is convinced to hand over money with the expectation of a big payback that never comes. Examples con, hoax, scam etc.

Spam URLs
URLs that frequently occur in spam messages.

Spyware & Questionable Software
Software that reports information back to a central server such as spyware or keystroke loggers. Also includes software that may have legitimate purposes, but some people may object to having on their system.

Contact Us

Web Filtering / Parental Controls

Enabling web filtering and parental controls vendors with best-in-breed web content categorization performance, accuracy, coverage, and malicious detection through an easy-to-integrate and customizable API, combined with the industry’s best customer service and responsiveness.


Information Security

From Perimeter Security to Endpoint Security to Hosted/Cloud-Security, zvelo has data and expertise to support virtually any information security application, such as web filtering, parental controls, reputation filtering, CASB, DNS filtering, botnet detection, compromised device detection, and more.

Learn More about Our InfoSec Solutions