Hello Dr.Web team,
I run an educational cybersecurity training platform
(0x12darkdev[.]net) flagged as malicious in your URL database.
I submitted a false positive report via the official form and
received "This is not a false alarm" without any details.
Context:
- Educational platform for offensive security professionals
- Courses on Windows internals, malware analysis, red team operations
- All content has explicit ethical use disclaimer
- Site is clean on 89/93 VT vendors (only Dr.Web, ADMINUSLabs,
CyRadar flag it)
- Valid SSL (Let's Encrypt), SSL Labs grade A
- Google Safe Browsing: Clean
I respect your virus lab's analysis, but to take action I need
to know:
1. Which specific URL or file on my domain is detected?
2. Under which classification (Trojan, Tool, Program.Unwanted, etc.)?
3. What action would result in delisting?
I'm fully willing to gate, remove, or restructure flagged content.
But without specifics I cannot improve anything.
Thank you,
David
False positive on educational cybersecurity site, cannot get specifics from support
#1
Отправлено 16 Май 2026 - 22:23
#2
Отправлено 17 Май 2026 - 22:22
(0x12darkdev[.]net)
2. Under which classification (Trojan, Tool, Program.Unwanted, etc.)?
Virus source.
SpIDer Gate предотвратил открытие веб-страницы
Причина: Источник распространения вирусов Дата: 17.05.2026
There are different forms to report a false alarm. To report a website, please use the link below. Please describe the nature of your request in as much detail as possible.
https://support.drweb.com/new/detection_issue/?lng=en
___
It doesn't show infection of a specific object based on the main page. So, it could be an outdated (non-existent) address or specific pages used for distributing malware.
Before receiving the details, you can back up your files and perform an offline scan using Dr.Web software. This could include CureIt, Live Disk/USB, or a trial product, as well as specialized business solutions.
Сообщение было изменено Dolmatov: 17 Май 2026 - 22:23


