I think the following two domain names are false positives:
mail.gandi.net - https://hosts-file.net/?s=mail.gandi.net
webredir.vip.gandi.net - https://hosts-file.net/?s=webredir.vip.gandi.net
These domains are associated with the gandi.net domain name registrar. mail.gandi.net is the email server used for clients' free/paid email accounts with their registered domains. webredir.vip.gandi.net is the site used by gandi for web redirects, e.g. www.example.com to www.somehostingplatform.com/example. This is accomplished through a CNAME record to webredir.vip.gandi.net.
Both are blocked with an EMD classification, which is concerning. Perhaps malware domains have been registered through gandi.net in the past? What is the policy for this?
Thank you for considering this.