When a page is blocked by the Cisco Umbrella service, our DNS resolvers display a block page instead of the page with the blocked content. These block pages are served from Cisco Umbrella servers. The Anycast IP address and associated block type for these servers are outlined in the table below.
We do not expect these IPs to change again in the near future, but if they did change, that update would be included in this article.
Requests using the “Block Page Bypass” feature could use any of the IP addresses listed on the following website: https://www.opendns.com/data-center-locations/
|Domain List Block Page||a||184.108.40.206|
|Domain List Block Page||aaaa||::ffff:220.127.116.11|
|Command and Control Callback Block Page||a||18.104.22.168|
|Command and Control Callback Block Page||aaaa||::ffff:22.214.171.124|
|Content Category or Application Block Page||a||126.96.36.199|
|Content Category or Application Block Page||aaaa||::ffff:188.8.131.52|
|Malware Block Page||a||184.108.40.206|
|Malware Block Page||aaaa||::ffff:220.127.116.11|
|Phishing Block Page||a||18.104.22.168|
|Phishing Block Page||aaaa||::ffff:22.214.171.124|
|Security Integrations Block Page, Newly Seen Domains, DNS Tunneling VPN, Potentially Harmful, & Dynamic DNS||a||126.96.36.199|
|Security Integrations Block Page, Newly Seen Domains, DNS Tunneling VPN, Potentially Harmful, & Dynamic DNS||aaaa||