Malicious Detailed Detection Feed™ (MDDF) | In Depth Malicious Threat Intelligence

More Unique Detections of Malicious IOCs, Faster and More Accurately Than Any Other Malicious Threat Feed on the Market.

The Malicious Detailed Detection Feed™ (MDDF) delivers curated malicious threat intelligence data which identifies, confirms, and enriches malicious Indicators Of Compromise (IOCs) with a range of metadata attributes. The rich metadata reveals crucial details about the IOCs which are necessary for defenders, analysts, and key stakeholders to prioritize and take appropriate action against potential threats. The metadata includes attributes like full-path URLs, date created and/or expired, domain history, malware family, file hashes, and numerous other intelligence attributes.

  • Unique Detections – 40% More Threats Detected
  • Faster Detection – Up to 65% Faster Than Other Feeds
  • Lowest False Positive Rates – Ranging From 0.1% – 0.15%
  • Rich Metadata for Contextual Relevancy and Forensic Analysis
  • Real-Time, Continuous Updates
  • Curated 3rd Party Feeds plus zvelo Proprietary Data
  • Massive Clickstream Traffic From 1 Billion Users and Endpoints
  • Fast, Easy API Integration and Deployment

MDDF Offers Unrivaled Intelligence Data for Defending Against Malicious Threats

Curated Malicious Threat Feed for Maximum Protection Against Malicious IOCs

zvelo’s proprietary AI-based threat detection and categorization technologies, combined with curated domains, threat and other data feeds, plus clickstream traffic from its partners’ 1 billion users and endpoints, provide unmatched visibility, coverage, reach and accuracy for powering applications which protect users and devices from malicious threats.

Unique Malicious Detections

Advanced AI-based technology detects unique malicious IOCs earlier and more accurately than other providers so you can neutralize emerging threats when they are most dangerous.

Massive Clickstream Traffic

URLs from text, SMS, email, and surfing traffic from 1 billion users and endpoints supply continuous and comprehensive visibility into the global clickstream.

Metadata for Contextual Relevance

Metadata enriches IOCs with key details like the full-path URL, created date, domain history, malware family, and file hashes to establish contextual relevance of malicious threats.

Real-Time Malicious Detection

Newly identified malicious threats immediately propagate to global database deployments to maximize protection against emerging threats.

Curated Malicious Intelligence

zvelo leverages its massive clickstream traffic, along with other sensor-based data streams and proprietary data sources to identify, validate and enrich intelligence collected on malicious threats.

Real-Time, Continuous Updates

zvelo’s global AI-based network continuously monitors and analyzes ActiveWeb traffic and proprietary data sources to identify new malicious threats as they mutate and change.

Block Adversarial Attacks at the Initial Access Point

Extend Comprehensive Malicious Threat Protection to Your Users and Endpoints

Get the actionable threat intelligence required to block adversaries at the initial access point for comprehensive protection against malicious IOCs. zvelo’s MDDF malicious threat feed is intended for defenders, threat analysts, and SaaS security vendors seeking to integrate premium cyber threat intelligence data into their solutions or services.

  • Managed Detection and Response (MDR)
  • Endpoint Detection and Response (EDR)
  • SIEM Alerting and Response
  • Secure Access Service Edge (SASE)
  • Attack Surface Monitoring
  • Red & Blue Team Data
  • Web Filtering & Parental Controls
  • Malicious Threat Analysis

Power Your Threat Protection with zveloCTI™

Maximum Precision, Efficacy, and Protection Against Evolving and Emerging Threats

For commercial applications that require comprehensive threat protection against both malicious and phishing threats, zveloCTI offers PhishBlocklist and PhishScan for unmatched visibility, coverage, reach and accuracy to power applications that protect users and devices from active and emerging phishing threats, including zero-day and zero-hour threats.

Phishing Detection for Blocking and Threat Research


The PhishBlocklist feed delivers curated phishing intelligence for comprehensive protection against active phishing threats in the wild. More than just detections, PhishBlocklist is enriched with additional metadata attributes like date detected, targeted brand, and other crucial data points.


zveloCTI’s PhishScan provides a fast, easy-to-implement cloud API query service to get an immediate yes/no response as to whether a URL/IP is phishing. Ideal for email/SMS/surfing applications that require real-time phishing verification lookups.

Additional Resources

Case Study

The Business Justification for zvelo’s Cyber Threat Intelligence Feeds

zvelo’s threat intelligence delivers significant cost savings and powerful improvements to the Client’s threat detection capabilities.

Case Study

zvelo Threat Intelligence vs OSINT

A comparative analysis of zvelo’s threat intelligence with open source threat intelligence for threat detection accuracy (FPs/FNs), threat detection coverage, and speed of detections.


Threat Feed Evaluations: Key Areas for Consideration

A blog series on how to evaluate threat feeds, beginning with the key areas to focus on measuring to help you get the most out of your evaluation.

Why Curated Threat Data is Critical to Effective Threat Protection

Curated threat data delivers the true value of threat intelligence by offering the right data, accurately interpreted, and actionably presented.
