No, no they didn’t. At least not from what my investigation finds. Just wanted to put out there another example of a False Positive in the DHS/US-CERT JAR that I talk about in this article, Grizzly Steppe: Lighting up Like A Christmas Tree.

IP address: 66.196.116.112

NSLookup output:

$ nslookup 66.196.116.112
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
112.116.196.66.in-addr.arpa name = pr.comet.vip.bf1.yahoo.com.

WHOIS output can be found here: Inktomi whois

Inktomi was acquired by Yahoo back in 2002.

Wikipedia entry

Now, this 66.196.116.112 IP address is resolved via: comet.yahoo[.]com

This looks to be a service utilized by Yahoo mail.
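The same reverse-lookup check can be scripted so every IP in an indicator list is vetted before it goes into a blocklist or alert rule. The following is an added example, not code from the original post: the function names and the `SHARED_SERVICE_SUFFIXES` list are assumptions for illustration, and the input is the nslookup output quoted above.

```python
import ipaddress
import re

# Assumption: a hand-maintained list of domains whose PTR names point at
# large shared services. It is not taken from the JAR or from the post.
SHARED_SERVICE_SUFFIXES = ("yahoo.com",)

# nslookup output as quoted in the post above.
NSLOOKUP_OUTPUT = """\
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
112.116.196.66.in-addr.arpa name = pr.comet.vip.bf1.yahoo.com.
"""

# Matches "<reversed-ip>.in-addr.arpa name = <host>." answer lines.
PTR_LINE = re.compile(r"^(\S+\.in-addr\.arpa)\s+name = (\S+?)\.?$", re.M)


def ptr_names(ip, nslookup_text):
    """Return PTR hostnames in nslookup_text that answer for this exact IP."""
    expected = ipaddress.ip_address(ip).reverse_pointer
    return [host.lower() for owner, host in PTR_LINE.findall(nslookup_text)
            if owner.lower() == expected]


def triage(ip, nslookup_text):
    """Classify an indicator IP by its reverse DNS before alerting on it."""
    names = ptr_names(ip, nslookup_text)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for suffix in SHARED_SERVICE_SUFFIXES:
            # Require a label boundary so "notyahoo.com" does not match.
            if name == suffix or name.endswith("." + suffix):
                return ("shared-service", name)
    return ("unclassified", names[0])


if __name__ == "__main__":
    print(triage("66.196.116.112", NSLOOKUP_OUTPUT))
```

A PTR record is set by whoever holds the address block, so a "shared-service" result should still be cross-checked against WHOIS, as done above.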