[GH-ISSUE #313] Why are agents repeatedly looking up icanhazip.xlawgaming.com? #2148

New issue

Closed

opened 2026-03-14 02:46:10 +03:00 by kerem · 4 comments

kerem commented 2026-03-14 02:46:10 +03:00

Owner

Copy link

Originally created by @djsvi on GitHub (Mar 6, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/313

I've noticed the RMM agents are regularly (every 5-10 minutes) requesting DNS resolution of icanhazip.xlawgaming.com.

Why is this?

Thanks.

Originally created by @djsvi on GitHub (Mar 6, 2021). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/313 I've noticed the RMM agents are regularly (every 5-10 minutes) requesting DNS resolution of icanhazip.xlawgaming.com. Why is this? Thanks.

kerem closed this issue 2026-03-14 02:46:17 +03:00

kerem commented 2026-03-14 02:46:24 +03:00

Author

Owner

Copy link

@wh1te909 commented on GitHub (Mar 6, 2021):

it's how the agent gets the public ip that's displayed in the summary tab in the web gui

xlawgaming.com is a domain i own. starting from agent 1.4.8 I changed it to tacticalrmm.io which i also own but same code, you can find here https://github.com/wh1te909/icanhazip

agent needs to hit an external website to get the real public ip, since alot of people run their RMM behind nat so public ip would actually return a local ip if i were to use the rmm to extract it

and you can find the public ip function of the agent here github.com/wh1te909/rmmagent@cc13a14679/agent/utils.go (L23)

<!-- gh-comment-id:791898269 --> @wh1te909 commented on GitHub (Mar 6, 2021): it's how the agent gets the public ip that's displayed in the summary tab in the web gui `xlawgaming.com` is a domain i own. starting from agent 1.4.8 I changed it to `tacticalrmm.io` which i also own but same code, you can find here https://github.com/wh1te909/icanhazip agent needs to hit an external website to get the real public ip, since alot of people run their RMM behind nat so public ip would actually return a local ip if i were to use the rmm to extract it and you can find the public ip function of the agent here https://github.com/wh1te909/rmmagent/blob/cc13a1467984d19a7578d03771e422484158825e/agent/utils.go#L23

kerem commented 2026-03-14 02:46:29 +03:00

Author

Owner

Copy link

@githubbiswb commented on GitHub (Mar 6, 2021):

Would you consider using another source? Would save you the traffic, and its name would be a bit more obvious to those watching their network traffic something like the following which I run in batch scripts for this same kind of purpose

nslookup myip.opendns.com resolver1.opendns.com

<!-- gh-comment-id:792052249 --> @githubbiswb commented on GitHub (Mar 6, 2021): Would you consider using another source? Would save you the traffic, and its name would be a bit more obvious to those watching their network traffic something like the following which I run in batch scripts for this same kind of purpose nslookup myip.opendns.com resolver1.opendns.com

kerem commented 2026-03-14 02:46:34 +03:00

Author

Owner

Copy link

@dinger1986 commented on GitHub (Mar 6, 2021):

Once it’s using tacticalrmm.io it will be obvious what it’s for. No need to spam other servers for this.

<!-- gh-comment-id:792054364 --> @dinger1986 commented on GitHub (Mar 6, 2021): Once it’s using tacticalrmm.io it will be obvious what it’s for. No need to spam other servers for this.

kerem commented 2026-03-14 02:46:39 +03:00

Author

Owner

Copy link

@wh1te909 commented on GitHub (Mar 6, 2021):

thank you @dinger1986 yea agent 1.4.8 was released last week so update your rmms and then once your agents update they'll start hitting icanhazip.tacticalrmm.io also this gives me more control for example there was a recent feature request to prefer ipv4 instead of ipv6 for the agent

@githubbiswb traffic is not an issue, am using cloudflare plus my vm's have unmetered bandwith

<!-- gh-comment-id:792070405 --> @wh1te909 commented on GitHub (Mar 6, 2021): thank you @dinger1986 yea agent 1.4.8 was released last week so update your rmms and then once your agents update they'll start hitting `icanhazip.tacticalrmm.io` also this gives me more control for example there was a recent feature request to prefer ipv4 instead of ipv6 for the agent @githubbiswb traffic is not an issue, am using cloudflare plus my vm's have unmetered bandwith

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#2148

No description provided.