Evidence strongly suggests that AS10392 together with all of the IPv4 space it is currently announcing routes for, i.e.: 192.171.64.0/19 204.137.224.0/19 205.164.0.0/20 205.164.16.0/20 205.164.32.0/20 205.164.48.0/20 have all been hijacked. I will be reporting this formally to ARIN today, via their helpful fraud reporting web form. In the meantime, while this case is being carefully adjudicated by ARIN, some folks may wish to blackhole the above. (The IP space appears to be in use by some sort of snowshoe spamming operation.) Regards, rfg P.S. Connectivity for AS10392 appears to come from only one place: http://www.robtex.com/as/as10392.html#graph