So to “claim” an IP address you only need to send a GET request to the server with your tag as a param?
What am I missing? It seems like sampling the headers for the incoming requests would reveal the answer quickly if it’s a 1x1 tracking pixel.
There’s a good chance that they wouldn’t really like the answer: It could have been slipped into a WordPress plugin or added as a call from an npm package, generating millions of unintended requests from other people’s computers to win an internet game.
Yeah that's what I suspect as well - any website where you can put HTML on the domain in some way - there have to be many software packages out there that have this problem.
It could also be as simple as an ad network femboy works at.
I think that might be the point. If you can get someone to load a 1x1 pixel image for you then you in some small way "own" their computer.