I visited a website today from work in a private browser session (no other cookies stored). I have never visited the site before and our company does not have an account with them. After the page loaded, an animated greeting said "Welcome XXX" where XXX is the name of company I work for. I don't understand how this is possible.
How can I get the company or person name that was issued the IP, from an IP address?
Note that answers from here are giving the name of the issuer of the IP address. For example the issuer of our IP address is the cable company just like a non-business customer. When i do a lookup with http://ipinfo.io or similar services, I get the name of the company that issued and manages the IP address (cable company) and not the name of the person or company that uses it.
Note that one idea that came to mind for how someone got this data from our IP address is companies like https://segment.com. I saw this in the "BuiltWith" data for the website I visited. Segment has enough tooling to be able to map an IP address to a company name through matching data from other services. For example our company has accounts as our company name with 3rd parties that may also use Segment.
Data from multiple segment accounts would easily allow building a database with valid user names and other data that could be sensitive and matching it with an IP addresses. But as far as I can see, Segment does not offer this directly as a feature. So i'm still lost as to how a website knew the company I was working for just by me visiting the page.
Some IP geolocation providers such as Ipregistry or Ipinfo provide a field that includes a company name for a given IP address. It works well in some contexts but it can fall back to the ISP or ASN organization in charge of connection as you noticed.
How can websites spy you even when you are using incognito mode? It's not because you are using a private browser session and that cookies are not stored there is no means to identify you. There exist methods known as Browser Fingerprinting:
https://en.wikipedia.org/wiki/Browser_fingerprint
Besides, as you noticed, there are companies that collect a lot of data from authenticated users (including IP address and company name as entered by the user). Based on this information you can create a model that correlates data from authenticated users with an IP address: if an unknown user A connects from IP X and more than 70% authenticated users in the past that belongs to company C used the same IP X, then A is most probably working for or connecting from company C. Again, this is not perfect but works pretty well depending of the context.