Security Awareness Safelisting US

Safelisting On The US (North American) Platform

Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.

Note:

  • Only perform safelisting for your licensed Proofpoint Security Awareness Training products.
  • Only safelist the IPs and domains for your hosted location. If you aren’t sure of your hosted location, please contact Customer Support.

Training Notifications

Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes:

  • Add the appropriate IP addresses to your SPF records and your email filter safelist
  • securityeducation.com is a domain that can also be safelisted for web filtering

Training Platform

  • 107.20.210.250 
  • 52.1.14.157 

In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform.securityeducation.com.  The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d1fbefs0dyob6i.cloudfront.net.

Phishing Assessment

To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:

  • 107.23.16.222 
  • 54.173.83.138 

Phishing stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain:  ts-uploads.s3.amazonaws.com 

Phishing Domains

Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.

Phishing Teachable Moments will also make calls to the following URLs:

  • https://tslp.s3.amazonaws.com 
  • https://java.com 
  • https://ajax.googleapis.com 
  • https://fonts.googleapis.com 
  • https://tscontent.s3.amazonaws.com 
  • https://d2wy8f7a9ursnm.cloudfront.net
  • https://dp4eiskq7iesj.cloudfront.net

Below is a list of all Phishing domains that will need to be safe listed on the North American (US) production environment.

4ooi.co 

enegry.org 

password-update.net 

 

 

 

4ooi.com 

entwurf-laden.de 

payablaccounts.com 

 

 

 

4ooi.in 

eservce.com 

paypol-login.com 

 

 

 

4ooi.info 

event-planer.net 

pharmamedsonline.com 

 

 

 

account-maintenance.com 

exch01-corp.com 

pharmlink.in 

 

 

 

accounts-receivable.co 

facbook-login.com 

phishingtraining.com 

 

 

 

ackisses53.com 

firstfedtrust.com 

pipelinenews.net 

 

 

 

acxx53.com 

flightstatalert.com 

postcardfast.com 

 

 

 

acxx53.de 

freeenergypress.com 

prnewsnet.us 

 

 

 

admissionshelpu.org 

fundingsource.services 

publicemailservice.com 

 

 

 

adobe-0nline.com 

goggl.cc 

qqoffi55.cc 

 

 

 

adobecloudservices.com 

gotwebinar.online 

qqoffi55.com 

 

 

 

aibabba-deals.com 

gov-online.net 

qquio.com 

 

 

 

amazoon.online 

gov-services.com 

ransomware.site 

 

 

 

annualenroll.com 

greetingsweb.com 

register-now.world 

 

 

 

avoidphishing.securityeducation.com* 

grnail.world 

rwebfix.com 

 

 

 

breaking-news-network.net 

hpdocument.com 

saleslinkforce.com 

 

 

 

breaking-news-now.com 

informedvoterleague.com 

salesteamlink.com 

 

 

 

business-services.org 

info-week.net 

scandeviceservices.com 

 

 

 

byt.im 

info-week.us 

sec-10k.com 

 

 

 

cadeauavant.fr 

instagrarn.net 

securebankingsevices.com 

 

 

 

cardservices.online 

internalitsupport.com 

securelogin-wallet.com 

 

 

 

cloud-store.services 

investmentsecureportal.com 

securityeducation.com 

 

 

 

combase.co 

itnues.net 

self-serve.co 

 

 

 

committee4strongleadership.com 

lesportsacxx53.com 

seriouslydonotclickthis.com 

 

 

 

concur-s0lutions.com 

link91.in 

sharepoint-docshare.com 

 

 

 

contract-sign.online 

linkedincdn.com 

shipment-confirm.com 

 

 

 

corpbenefitplan.com 

loan-payments.com 

shippingupdate.net 

 

 

 

corp-hr.com 

localhostlocaldomain.com 

sn84229.co 

 

 

 

corp-internal.co.uk 

luk66.cn 

sphotos-fbcdn.com 

 

 

 

corp-internal.com 

mailcenter-alert.com 

sportstoday.biz 

 

 

 

corp-internal.net 

mail-delivery-system.com 

stubclub.co 

 

 

 

corp-internal.us 

maildeliverysystem.net 

techsupport-corp.com 

 

 

 

corpoutlook.com 

maliciousfile.online 

thisisaphishingattack.com 

 

 

 

corp-proxy.com 

matchesonline.net 

trackingupdate.net 

 

 

 

creditmass.ru 

meeting-reminder.com 

tradeinternationai.com 

 

 

 

cyber-sale.net 

metflix.us 

travelresinfo.com 

 

 

 

dcscanscation.com 

micrasoft-office365.com 

updamicrosoft.com 

 

 

 

decision2016.win 

microsoftsql.net 

updatracking.com 

 

 

 

detailswire.com 

myensurance.co 

user-account.online 

 

 

 

docsign-online.com 

nationalcouncil4not-for-profits.com 

user-account-maintenance.com 

 

 

 

dropboxlink.com 

netbenefits-access.com 

vobamobile.net 

 

 

 

dynssi.com 

office3889.com 

voicemailaccess.net 

 

 

 

ee77red.ru 

olympicresults.online 

webfilteralert.com 

 

 

 

egencia-online.com 

onedrive-micrasoft.com 

www01-local.com 

 

 

 

electioninfo.online 

onlinedocshare.com 

 

 

 

 

emailquarantine.com 

password-update.com