No, no they didn’t. At least not from what my investigation finds. Just wanted to put out there another example of a False Positive in the DHS/US-CERT JAR that I talk about in this article, Grizzly Steppe: Lighting up Like A Christmas Tree
IP address: 22.214.171.124
$ nslookup 126.96.36.199
188.8.131.52.in-addr.arpa name = pr.comet.vip.bf1.yahoo.com.
WHOIS output can be found here: Inktomi whois
Inktomi was aquired by Yahoo back in 2002.
Now, this 184.108.40.206 IP address is resolved via: comet.yahoo[.]com
This looks to be a service utilized by Yahoo mail.