Advanced Global Cyber Threat Intelligence For OEMs

Covering Malicious Detections & Emerging Threats From Around the World

With over 20 years of expertise in categorizing and identifying malicious exploits and sites, zvelo delivers industry-leading threat intelligence for network security and antivirus vendors, device manufacturers, MSSPs, web filtering & parental controls, and more. Powered by our human-supervised machine learning systems, and using a combination of static and heuristic detection techniques, as well as integrating a number of third-party feeds from partner relationships, zvelo malicious detection capabilities provide up-to-the-minute intelligence and protection in an ever-changing threat landscape.

NOTE: The information represented in this global cyber threat map is for demonstration purposes and does not encompass the entirety of zvelo Malicious Detection capabilities.


Identified Malicious Detections

This map references a random, daily sampling of zvelo malicious categorizations and plots them based on the GPS coordinates of the threat. Detection information consists of the malicious category, obfuscated IP of the threat, and location of threat.


Heatmap Locations

This map provides a high-level summation of the areas where zvelo has recently encountered the most malicious threats. Red indicates a higher density, while blue denotes a lower number of occurrences.

AI-Powered Phishing Detection

Unmatched Coverage and Effectiveness Against Active and Emerging Phishing URLs—Including Zero-Day Threats

Phishing is arguably the most significant cyber threat facing businesses and consumers today. That’s why zvelo has compiled a massive human-annotated phishing dataset and built custom phishing detection models to identify emerging threats. Ideal for web and DNS filtering, antivirus vendors, CASBs, and more, these identifications are available to all licensed zveloDB partners and are also available through a standalone feed, the PhishBlocklist™. The following table provides a small sampling of the daily unique detections identified by zveloAI and the phishing detection system.


Protect Your Networks From Malware, Phishing, Botnets, and Other Threats

Real-time identification of IPs and URLs related to malware, viruses, and other forms of harmful programs enables you to avoid potential harm to your system by blocking traffic to and from those destinations. A coveted Malicious Detection solution allows for easy integration through an API or data feed for use with routers, proxies, firewalls, or other systems for a safer Internet.


Protect Your Networks AND Customers From Phishing, Malware, & Other Threats

Malicious Detection For Compromised URLs & IPs

zvelo’s categorization and malicious detection systems currently classify malware and exploits into ten (10) categories. These categories represent the most prominent and dangerous malicious types on the web. Due to the variable lifecycle of malicious URLs and IPs, it is imperative to be able to inspect and detect URLs quickly to verify their current malicious status.

zvelo’s Malicious Detection systems incorporate an automated revisit process where malicious sources are retested. zvelo revisits up to 300,000 malicious URLs daily to determine if they are still infected, have been cleaned, or have been taken down altogether. And because zvelo is able to classify web content at the full path level—we are able to revisit and re-analyze the exact URL that was identified as malicious.


Identifying 10 Malicious Categories

zvelo detection systems identify the following ten (10) types of Malicious Categories:


Web pages impersonating other web pages with the intention of stealing passwords, credit card numbers, or other information. Also web pages that are part of scams such as a “419” scam, where a person pays a sum of money with the expectation of a larger payback that never comes. Examples include con, hoax, scam, etc.

Compromised and Links To Malware

Compromised web pages are disguised as legitimate, but really house malicious code or link to malicious websites hosting malware. Someone other than the owner has compromised these sites. In the instance that Firefox blocks a site as malicious, this category is used. Examples include defaced, hacked by, etc.

Ad Fraud

Websites that are being used to commit fraudulent online display advertising transactions using different ad impression boosting techniques, including but not limited to the following: ad stacking, iframe stuffing, and hidden ads. Sites that have high non-human web traffic (NHT) and experience rapid, large, and unexplained changes in traffic.

Spyware and Questionable Software

In the case of spyware or keystroke loggers, software reports information to a central server. Questionable software is software that some people may object to having on their system, although the software may have a legitimate purpose.

Malware Distribution Point

Web pages that host exploits, viruses, and/or other malware are considered Malware Distribution Points. This category is used by web analysts if their anti-virus program triggers on a particular website.

Malware Call-Home

When spyware and viruses check a URL for updates or report information back to a particular URL, this is labelled as a malware call-home address.


A botnet is a group of bots, or compromised machines, banded together and running software used by hackers to send phishing attacks, distributed denial of service (DDoS) attacks, or spam.

Cryptocurrency Mining

Websites that use cryptocurrency mining technology without user permission. This is considered a malicious category.

Command and Control Centers

Command and control centers are internet servers used to send commands to infected machines, known as bots.

Spam URLs

URLs that frequently occur in spam messages.

Protect Your Users & Networks with the #1 URL Database For Web Filtering

Enabling web filtering and parental controls vendors with premium web content categorization, malicious detection, performance, coverage, and accuracy through a customizable and easy-to-integrate API, combined with the industry’s best customer service and responsiveness.
