It's still an interesting post, because if true I'd still be curious how you'd get 20 million people to load anything.
But the title here is totally misleading because it sure sounds like someone took control of 9% of the ipv4 address space but the actual post starts with context.
You can get 100 million people to load the 1x1 by adding it using javascript to an adsense ad you publish on Google...
The number of times my browser has been hijacked from their ad network is numerous.
Odds are, the culprit owns some IP that is running on 20M devices. Whether it's a mobile game. A bot net. An ad. Or some other script/service that allows other machines to make the request on his/her behalf.
I would guess a WordPress plugin or something.
20 million is a lot, but if you look at geoip, they are around the whole world; I took 3 random latest IPs and I saw Vietnam, Brazil and Angola. So it's not that much when it's worldwide.
But it suggests it's not a geographically limited website. If it's through a website. It's probably not a ad buy. (Who would burn money on that...)
However the requests are literally every second. So it's something very popular. (Or a bot and they are somehow faking the source address...)
> Vietnam, Brazil and Angola
Curiously, these are some of the top countries I see when analyzing traffic from malicious scraping bots that disguise themselves as old Chrome versions on my websites.
So it's possible that one of those botnet-ish residential proxy services is being used here. The ones that use things like compromised browser extensions to turn unknowing users into exit nodes.
Edit: Yep, it's residential proxies, someone on the linked page mentioned a website where you can look up the IPs and all of them come up as proxies.
I find this really interesting, I can see a few different ideas on GitHub to claim IPs, but I don't see any of those reaching that scale.
https://github.com/search?q=ipv4.games%2Fclaim&type=code&p=1
While running ads is definitely a possibility, reaching 9% of all available IPs sounds like a crazy expensive campaign. I don't know what the ratio of people to public IP is but I doubt it's one.
20 million unique users is not that much. I don't understand the claim that this constitutes 9% of all IP addresses. It doesn't. There are about 4 billion public IPv4 address. 9% of that would be closer to 300 million.
You're right, like others said in the comments the 9% in the comments is from total active hosts tracked by Censys (~231 million). But I still think it's challenging to have that much reach and unlikely to be an ad campaign. Using numbers from the website bellow the cost of getting 20 million impressions would be around $43,200 on the low-end for YouTube ads and can be much higher on different platforms. That is also assuming perfect efficiency were you we have exactly one impression per IP which is unlikely to be the case.
https://www.guptamedia.com/social-media-ads-cost
Is it reasonable to assume these aren’t 100% static IP addresses? If so, maybe there’s some double counting going on.
The commenters on the linked post mention loading the pixel image embedded in an advertisement campaign.
This would make it possible to have thousands of impressions for relatively low amounts of money.
Maybe IoT software, though I wonder how they are doing the NAT busting if it's behind a router.