Comment by jlgaddis

I see two prefixes advertised by 51040, with very different paths:

    cr1.ipls# sh ip bgp regexp 51040$        
    BGP table version is 210945139, local router ID is 8.30.x.255
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *> 194.14.56.0      4.69.180.161             0             0 3356 5580 3.987 51040 i
    *> 194.71.107.0     4.69.180.161             0             0 3356 2914 39138 22351 2.207 51040 i

I don't know what, if anything, they use 194.14.56/24 for, but both appear to belong to the same organization (although the registrant records differ just a bit).

EDIT: I'm gonna dig into my database and see what the path looked like a day or two ago.

EDIT: 2 days ago: the .107/24 path: 3356 3549 16150 51040

16150 is "Availo Networks AB" and they do appear to do heavy prefix filtering -- as they should -- but I see no import policy for 51040:

    $ whois -h whois.ripe.net AS16150
    ...

It's possible and plausible that TPB is using one or more VPNs to hide the true route traffic is taking (who knows what they're really doing, though).