ARIN Fraud Reporting Results - 2023

First Quarter Investigation Results

ARIN received 43 fraud reports in the first quarter of 2023. Of the reports received:

  • 36 involved matters such as abusive activity that are outside the scope of ARIN's fraud reporting process. No action was necessary.
  • 1 report involved multiple Org IDs with IPv4 waiting list requests by a single entity. Our investigation of this report is ongoing.
    • Ticket number: 20230116-F3707
  • 2 reports involved unauthorized changes to records. The records were locked.
    • Ticket numbers: 20230118-F3708, 20230303-F3736
  • 1 report involved a request to remove a stale reassignment record. We confirmed and removed the record.
    • Ticket number: 20230118-F3709
  • 1 report involved fraudulently obtained IPv4 addresses. We were unable to confirm; no action was taken.
    • Ticket number: 20230121-F3710
  • 1 report involved a report of multiple Org IDs created to bypass the IPv6 transition block policy's six month waiting period. Our investigation is ongoing.
    • Ticket number: 20230122-F3711
  • 1 report involved a hijacked ASN. We were unable to confirm; the records were locked.
    • Ticket number: 20230302-F3735

Second Quarter Investigation Results

ARIN received 76 fraud reports in the second quarter of 2023. Of the reports received:

  • 2 reports involved the sale of Internet Number Resources. No action was taken since the resources are eligible for need-based transfer.
    • Ticket numbers: 20230425-F3753, 20230412-F3744
  • 1 report involved a falsified LOA used for unauthorized routing. The routes were withdrawn.
    • Ticket number: 20230623-F3816
  • 1 report involved potential out of region use in violation of ARIN policy. The routing was discovered to be anycasting with announcements in the ARIN region.
    • Ticket number: 20230530-F3788
  • 1 report involved a report of a hijacked legacy block. We confirmed the hijack, confirmed the registrant no longer exists and has no legal successor, and placed the block in hold status.
    • Ticket: 20230526-F3772
  • 1 report involved a Letter of Authorization (LOA) used to induce unauthorized creation of a ROA. The ROA was removed and RPKI information was provided to help thwart future attacks.
    • Ticket: 20230411-F3743
  • 2 reports involved unauthorized routing. All unauthorized routes were withdrawn.
    • Ticket numbers: 20230509-F3758, 20230509-F3758