First Quarter Investigation Results
ARIN received 43 fraud reports in the first quarter of 2023. Of the reports received:
- 36 involved matters such as abusive activity that are outside the scope of ARIN's fraud reporting process. No action was necessary.
- 1 report involved multiple Org IDs with IPv4 waiting list requests by a single entity. Our investigation of this report is ongoing.
- Ticket number: 20230116-F3707
- 2 reports involved unauthorized changes to records. The records were locked.
- Ticket numbers: 20230118-F3708, 20230303-F3736
- 1 report involved a request to remove a stale reassignment record. We confirmed and removed the record.
- Ticket number: 20230118-F3709
- 1 report involved fraudulently obtained IPv4 addresses. We were unable to confirm; no action was taken.
- Ticket number: 20230121-F3710
- 1 report involved a report of multiple Org IDs created to bypass the IPv6 transition block policy's six month waiting period. Our investigation is ongoing.
- Ticket number: 20230122-F3711
- 1 report involved a hijacked ASN. We were unable to confirm; the records were locked.
- Ticket number: 20230302-F3735
Second Quarter Investigation Results
ARIN received 76 fraud reports in the second quarter of 2023. Of the reports received:
- 2 reports involved the sale of Internet Number Resources. No action was taken since the resources are eligible for need-based transfer.
- Ticket numbers: 20230425-F3753, 20230412-F3744
- 1 report involved a falsified LOA used for unauthorized routing. The routes were withdrawn.
- Ticket number: 20230623-F3816
- 1 report involved potential out of region use in violation of ARIN policy. The routing was discovered to be anycasting with announcements in the ARIN region.
- Ticket number: 20230530-F3788
- 1 report involved a report of a hijacked legacy block. We confirmed the hijack, confirmed the registrant no longer exists and has no legal successor, and placed the block in hold status.
- Ticket: 20230526-F3772
- 1 report involved a Letter of Authorization (LOA) used to induce unauthorized creation of a ROA. The ROA was removed and RPKI information was provided to help thwart future attacks.
- Ticket: 20230411-F3743
- 2 reports involved unauthorized routing. All unauthorized routes were withdrawn.
- Ticket numbers: 20230509-F3758, 20230509-F3758