SPECIAL NOTE 2015-05-26: The Upatre malware is making many calls to icanhazip.com on various IP addresses. It’s generating a lot of abuse reports which are keeping me busy. I’m currently working with security researchers from various organizations to reject as many Upatre-related requests as possible but it’s a challenge to match the requests exactly.
If you’re considering filing an abuse report — please don’t. Feel free to reach out to me anytime at major at mhtx dot.net. If you have something sensitive to share, feel free to use my GPG key.
Which sites are available?
You have a few to choose from:
- icanhazip.com – returns your IP address
- icanhazptr.com – returns the reverse DNS record (PTR) for your IP
- icanhaztrace.com – returns a traceroute from my servers to your IP address
- icanhaztraceroute.com – returns a traceroute from my servers to your IP address
- icanhazepoch.com – returns the epoch time (also called Unix time)
- icanhazproxy.com – can determine if your traffic is being proxied
Why should I use these services when there are plenty of other ones out there?
My services return all data in plain text without any advertisements or extra data. I also monitor the services to ensure they’re always available.
How do I control whether I get results based on IPv4 or IPv6?
There are two helper subdomains for icanhazip.com: ipv4.icanhazip.com and ipv6.icanhazip.com. However, I recommend using your command line tool options or code libraries to handle this:
    $ curl -4 icanhazip.com
    22.214.171.124
    $ curl -6 icanhazip.com
    2001:4802:7802:102:c69b:800f:ff20:4cc4
How do I deal with a proxy that is mangling my externally facing IP address?
I run all of these services on ports 80 and 81 in clear text. You can also use SSL to reach these services on port 443 but only icanhazip.com has an SSL certificate configured. For example:
    $ curl -4 https://icanhazip.com/
    126.96.36.199
Why do all these domains have “icanhaz” in them?
You may understand the reasoning further if you review Wikipedia’s article on lolcats.
Where can I get the source?
Roll on over to GitHub!
Can I add checks against these domains to my scripts?
Sure! Just try not to smash the service with unneeded requests.
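One way to script such a check without sending unneeded requests, as an added example that is not part of the icanhazip.com source. It forces IPv4 over HTTPS as in the curl examples above, rejects anything that is not an IPv4 address (a mangling proxy or captive portal may return HTML), and reuses a cached answer. The names `CACHE_FILE`, `CACHE_TTL`, `is_ipv4` and `external_ipv4`, the cache path and the 300-second lifetime are assumptions.

```shell
#!/bin/sh
# Added example: cached, validated external IPv4 lookup (all names are hypothetical).
CACHE_FILE="${CACHE_FILE:-$HOME/.external_ipv4.cache}"  # per-user file, not shared /tmp
CACHE_TTL="${CACHE_TTL:-300}"                           # seconds between real requests

# Succeed only if $1 is a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, misplaced dots
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 1   # exactly four fields
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the external IPv4 address; contact the service only when the cache is stale.
external_ipv4() {
    now=$(date +%s)
    if [ -r "$CACHE_FILE" ]; then
        read -r stamp cached < "$CACHE_FILE" || true
        case "$stamp" in ''|*[!0-9]*) stamp=0 ;; esac   # treat a damaged cache as stale
        # The cached value is validated again in case the file was edited.
        if is_ipv4 "$cached" && [ $((now - stamp)) -lt "$CACHE_TTL" ]; then
            printf '%s\n' "$cached"
            return 0
        fi
    fi
    # -4 forces IPv4; HTTPS on port 443 keeps a clear-text proxy from rewriting the reply.
    ip=$(curl -4 -sS --fail --max-time 10 https://icanhazip.com/) || return 1
    if ! is_ipv4 "$ip"; then
        echo "external_ipv4: response was not an IPv4 address" >&2
        return 1
    fi
    printf '%s %s\n' "$now" "$ip" > "$CACHE_FILE"
    printf '%s\n' "$ip"
}
```

Call `external_ipv4` from a script and act on the result only when it exits with status 0.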
What about my privacy?
I do keep the logs from the web server around to ensure that the service isn’t being abused. However, no data is stored in a database or provided to third parties. I may pull some general statistics from the logs from time to time about the countries where the site is the most popular, but there will never be anything released on a granular level.
My Puppy Linux box keeps talking to your server. What’s up?
I’m not a Puppy Linux user, but my site is used by some of the startup scripts to help users determine what their external IP address is after booting. My site returns IP addresses without any advertisements and that’s why it’s relatively popular in some circles. I don’t gather any information about users other than what would normally appear in an Apache log. If you’re upset about your computer making these connections, please direct your complaints to Puppy Linux developers and maintainers.
Can I get response time and uptime statistics?
Sure! But don’t take my word for it.