Recently, I saw icanhazip.com pop up in my pFsense firewall logs. It was immediately blocked but the name piqued my interest, so I did a little digging which revealed an interesting backstory.

It’s owned by Cloudflare:

spoiler

spoiler

…but it hasn’t always been theirs: icanhazip: How a simple IP address tool survived a deluge of users. Pretty interesting, at least to me as I have never encountered it before.

I have it still blocked as nothing I’m doing seems hampered by blocking icanhazip.com’s ip range. Anyone else ever encounter icanhazip.com?

I think I found the source of the icanhazip.com block. From the Github Issues page:

2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. [“cURL error 60: SSL: no alternative certificate subject name matches target hostname ‘icanhazip.com’ (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/%E2%80%9D]

ETA: Solved

I think I found the source of the icanhazip.com block. From the Github Issues page:

2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. [“cURL error 60: SSL: no alternative certificate subject name matches target hostname ‘icanhazip.com’ (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/”]

    • irmadlad@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      3 days ago

      Interestingly enough, ifconfig.co shows up too. I knew about ifconfig.co tho. Since the last container I added was SpeedTest Tracker to replace OpenSpeedTest, and that’s about the time icanhazip.com showed up, I am assuming SpeedTest Tracker is using both ifconfig.co and icanhazip.com to determine the local external IP and the closest test servers to it. The request is originating from the LAN. However, I selected my own servers I wanted to use based on my locale, so blocking either hasn’t stopped SpeedTest Tracker from doing it’s tests on an hourly basis.