The server gets the IP address from the accept4() system call. It ignores HTTP headers (e.g. x-forwarded-for) when determining the IP. It's possible to claim IPs by embedding <img src="//ipv4.games/claim?name=jart"> on a web page. My web server will notice the Accept header wants an image and will serve a 1x1 transparent gif rather than an html response. That's how I play the game: https://justine.lol/ The whales normally don't do this. They usually have something like a Go or Python script which sends bare minimal HTTP requests. On Sat, Aug 16, 2025 at 2:21 AM Saku Ytti <saku@ytti.fi> wrote:
Couldn't they just ensure that some popular pages that people visit have a link to the claim?
You're not telling much how the ipv4.games works or what the requests are like which makes it quite hard to speculate.
In the headers, do you see various user agents being used, and various formatting and permutations of options?
On Sat, 16 Aug 2025 at 09:15, Justine Tunney via NANOG <nanog@lists.nanog.org> wrote:
I operate an online service at https://ipv4.games/ that invites people
to
send http requests to my web server from a lot of different IP addresses. In order to claim an IP, you need to successfully make a tcp three-way handshake with a VM on Google's network.
Somehow a player in Europe named femboy.cat has successfully managed to claim 20 million IPs, which is 9% of all IPv4 hosts according to Censys.
Does anyone have any idea how they're doing it?
Would anyone here be willing to be their North American rival? _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/MMCCEQKA...
-- ++ytti