Couple ideas (can’t test them now):

They list guns.lol as one of their projects. Looks like a linktree type of personal website hosting service. Some traffic might come from that network of pages, but if that would be the case I would expect google to have indexed their claim links by now. Same thing goes for the captcha service they are running.

They also have a cracked version of a Minecraft cheat client on GitHub. It’s very common to use residential proxies while cheating (or cracking Minecraft accounts), so that might be another option (obviously not for all of the IPs). Someone should scan the IPs claimed by them for common proxy ports.

Might be a good idea to run their claims through a geoip db, even tho they are pretty spread out over different subnets, there still might be a correlation there (like mostly Spanish speaking countries or something like that).

Looks like the gameserver provides some more insights at /statusz, notably there a basically no „image claims“. So it would have to be iframes or script src requests (?).

Might also be fun to monitor your local network for requests to ipv4.games, I will set a notification with my firewall and report back :).