Recently, I saw icanhazip.com pop up in my pFsense firewall logs. It was immediately blocked but the name piqued my interest, so I did a little digging which revealed an interesting backstory.
It’s owned by Cloudflare:
spoiler
spoiler
…but it hasn’t always been theirs: icanhazip: How a simple IP address tool survived a deluge of users. Pretty interesting, at least to me as I have never encountered it before.
I have it still blocked as nothing I’m doing seems hampered by blocking icanhazip.com’s ip range. Anyone else ever encounter icanhazip.com?
I think I found the source of the icanhazip.com block. From the Github Issues page:
2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. [“cURL error 60: SSL: no alternative certificate subject name matches target hostname ‘icanhazip.com’ (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/%E2%80%9D]
ETA: Solved
I think I found the source of the icanhazip.com block. From the Github Issues page:
2025-03-27 17:00:02] production.ERROR: Failed to fetch external IP address. [“cURL error 60: SSL: no alternative certificate subject name matches target hostname ‘icanhazip.com’ (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://icanhazip.com/”]
I haven’t conducted a thorough investigation, but the last container I added was SpeedTest Tracker and I am assuming that it’s using icanhazip.com and ifconfig.co to determine the best test servers based on my locale. I chose my own servers when I set it up. For the time being, I have both blocked and nothing seems to complain. SpeedTest Tracker still crons ever hour with success.