It still happens. And it used to be ubiquitous, so any old pages that get copied and republished is broadcasting its title pixel.
> On Aug 16, 2025, at 9:04 AM, Jon Lewis via NANOG <[email protected]> > wrote: > > > https://isc.sans.edu/diary/31136 > > You say this person is a developer, and it appears all it takes to claim an > IP is to hit a link to a 1x1 pixel image from that IP. > Is it possible this person has embedded their URL in software that’s used on > many sites (i.e. a CMS or popular plugin for a CMS) or possibly has > compromised some high traffic website(s) and quietly embedded their URL > without disturbing anything else that would make the compromise apparent to > the site owners? It’s been a while since I’ve had firsthand experience with > this, but I know the latter used to happen with some frequency (website is > hacked and the owners are oblivious), and I assume it still does. > > Sent from my iPhone > >> On Aug 16, 2025, at 5:36 AM, Justine Tunney via NANOG >> <[email protected]> wrote: >> >> The server gets the IP address from the accept4() system call. It ignores >> HTTP headers (e.g. x-forwarded-for) when determining the IP. >> >> It's possible to claim IPs by embedding <img >> src="//ipv4.games/claim?name=jart"> on a web page. My web server will >> notice the Accept header wants an image and will serve a 1x1 transparent >> gif rather than an html response. That's how I play the game: >> https://justine.lol/ >> >> The whales normally don't do this. They usually have something like a Go or >> Python script which sends bare minimal HTTP requests. >> >>> On Sat, Aug 16, 2025 at 2:21 AM Saku Ytti <[email protected]> wrote: >>> >>> Couldn't they just ensure that some popular pages that people visit >>> have a link to the claim? >>> >>> You're not telling much how the ipv4.games works or what the requests >>> are like which makes it quite hard to speculate. >>> >>> >>> In the headers, do you see various user agents being used, and various >>> formatting and permutations of options? >>> >>> >>>> On Sat, 16 Aug 2025 at 09:15, Justine Tunney via NANOG >>>> <[email protected]> wrote: >>>> >>>> I operate an online service at https://ipv4.games/ that invites people >>> to >>>> send http requests to my web server from a lot of different IP addresses. >>>> In order to claim an IP, you need to successfully make a tcp three-way >>>> handshake with a VM on Google's network. >>>> >>>> Somehow a player in Europe named femboy.cat has successfully managed to >>>> claim 20 million IPs, which is 9% of all IPv4 hosts according to Censys. >>>> >>>> Does anyone have any idea how they're doing it? >>>> >>>> Would anyone here be willing to be their North American rival? >>>> _______________________________________________ >>>> NANOG mailing list >>>> >>> https://lists.nanog.org/archives/list/[email protected]/message/MMCCEQKA4UPGGWFWEBWLYKHTYCAOQIZS/ >>> >>> >>> >>> -- >>> ++ytti >>> >> _______________________________________________ >> NANOG mailing list >> https://lists.nanog.org/archives/list/[email protected]/message/PN6RSJUQ2QM6ZHGAZWSVCCEOFTK3UW7N/ > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/O5KFWOO7LQMKNWUVZQOUUSZPR22AIHRY/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/65Z5ORTXZRC2QQYT5RU2B55SIABHHUXD/
