mitchellkrogza / Phishing.Database

Phishing domains, URLs, websites and threats database. We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats to reveal how many unique domains used for phishing are still active.
MIT License

[FALSE-POSITIVE] ftp.jaist.ac.jp #553

Closed PeterDaveHello closed 1 year ago

PeterDaveHello commented 1 year ago

Domains or links

ftp.jaist.ac.jp / https://ftp.jaist.ac.jp/

More Information

ftp.jaist.ac.jp is one of the major mirror sites for many popular open source projects such as Linux distributions, web servers like Apache, databases like MySQL, and many other open source tools and libraries. It provides an invaluable service to the global open source community. Not sure why it's listed here though.

Have you requested removal from other sources?

Nope, it's not in the other lists that I'm currently using.

Additional context

Check result from https://github.com/PeterDaveHello/chkdomain, only SafeDNS blocks it:

$ ./chkdm ftp.jaist.ac.jp
You are checking domain: ftp.jaist.ac.jp

Running dig/nslookup over 10 nofilter DNS:
 - AdGuard (94.140.14.140) ... OK! (150.65.7.130)
 - Cloudflare (1.1.1.1) ... OK! (150.65.7.130)
 - dns0.eu (193.110.81.254) ... OK! (150.65.7.130)
 - Freenom World (80.80.80.80) ... OK! (150.65.7.130)
 - Google (8.8.8.8) ... OK! (150.65.7.130)
 - Hinet (168.95.1.1) ... OK! (150.65.7.130)
 - OpenDNS (208.67.222.2) ... OK! (150.65.7.130)
 - Quad9 (9.9.9.10) ... OK! (150.65.7.130)
 - UltraDNS (64.6.64.6) ... OK! (150.65.7.130)
 - Yandex (77.88.8.1) ... OK! (150.65.7.130)

Running dig/nslookup over 11 secure DNS:
 - CleanBrowsing (185.228.168.9) ... OK! (150.65.7.130)
 - Cloudflare (1.1.1.2) ... OK! (150.65.7.130)
 - Comodo (8.26.56.26) ... OK! (150.65.7.130)
 - CONTROL D (76.76.2.1) ... OK! (150.65.7.130)
 - dns0.eu (193.110.81.0) ... OK! (150.65.7.130)
 - OpenDNS (208.67.222.222) ... OK! (150.65.7.130)
 - Quad101 (101.101.101.101) ... OK! (150.65.7.130)
 - Quad9 (9.9.9.9) ... OK! (150.65.7.130)
 - SafeDNS (195.46.39.39) ... Failed!
   Address: 195.46.39.1
 - UltraDNS (156.154.70.2) ... OK! (150.65.7.130)
 - Yandex (77.88.8.2) ... OK! (150.65.7.130)

Running dig/nslookup over 6 AD(and tracker)-blocking DNS:
 - AdGuard (94.140.14.14) ... OK! (150.65.7.130)
 - AhaDNS (5.2.75.75) ... OK! (150.65.7.130)
 - CONTROL D (76.76.2.2) ... OK! (150.65.7.130)
 - dnsforge.de (176.9.93.198) ... OK! (150.65.7.130)
 - OVPN (192.165.9.157) ... OK! (150.65.7.130)
 - Tiarap (188.166.206.224) ... OK! (150.65.7.130)

Also checked with other OSINT sources about this domain, and didn't see it listed as harmful:

AlienVault Open Threat Exchange

PeterDaveHello commented 1 year ago

PR sent: https://github.com/mitchellkrogza/phishing/pull/231

PeterDaveHello commented 1 year ago

Closing as https://github.com/mitchellkrogza/phishing/pull/231 was merged.