Welp, they are definitely blackholing it inside of their own network. From their very own looking glass:<p>Frankfurt:<p><pre><code> BGP routing table entry for 104.31.19.30/32, version 3435302524
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Local
10.255.255.255 (metric 10118050) from 38.28.1.83 (38.28.1.83)
Origin IGP, metric 0, localpref 150, valid, internal, best
Community: 174:990 174:20912 174:21001
Originator: 66.28.1.228, Cluster list: 38.28.1.83, 38.28.1.67, 38.28.1.65, 154.54.66.49
</code></pre>
Washington, D.C.:<p><pre><code> BGP routing table entry for 104.31.19.30/32, version 611495772
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Local
10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
Origin IGP, metric 0, localpref 150, valid, internal, best
Community: 174:990 174:20912 174:21001
Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
</code></pre>
... and the originator:<p><pre><code> $ host 66.28.1.228
228.1.28.66.in-addr.arpa domain name pointer lo0.blackhole.dca01.atlas.cogentco.com.
$
</code></pre>
Answers that question.