Proofpoint Security Awareness Training uses a variety of systems to communicate with devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. Provide this document to your email or security administrators to ensure reliable communications.


Notes


  • Only perform safelisting for your licensed Proofpoint Security Awareness Training products. 
  • Only safelist the IPs and domains for your hosted location.  If you aren’t sure of your hosted location, please contact [email protected].


Training Notifications


Proofpoint recommends that Training Notifications be sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to users and allows them to reply easily to the message should they have questions. Before we can send emails using your domain name, you must contact your mail administrator, because most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes:


  • Add the appropriate IP addresses to your SPF records and your email filter safelist 
  • securityeducation.com is a domain that can also be safelisted for web filtering 


Training Platform


  • 107.20.210.250 
  • 52.1.14.157


To have uploaded images from the Training Platform download automatically within Outlook, we recommend safelisting the following domain and adding it to Trusted Sites (located under the Security tab of Internet Options in IE): platform.securityeducation.com. The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets, including text content, graphics, photographs, videos, audio files, and databases: d1fbefs0dyob6i.cloudfront.net.


Phishing Assessment


To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses so that simulated phishing attacks can be sent to your end users. These IP addresses will need to be added to your SPF record:

  • 107.23.16.222 
  • 54.173.83.138
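The SPF change requested in the Training Notifications and Phishing Assessment sections can be checked before it is published. The following is an added example, not Proofpoint's code: it evaluates the `ip4`/`ip6` terms of an SPF record left to right and reports which of the four IP addresses listed on this page are not yet authorized. The sample record and the domain in it are constructed, and `REQUIRED_IPS` assumes you license both products in this hosted location; trim it otherwise.

```python
import ipaddress

# Sending IPs listed on this page (Training Platform, then Phishing Assessment).
REQUIRED_IPS = ["107.20.210.250", "52.1.14.157", "107.23.16.222", "54.173.83.138"]

def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed

def missing_ips(record, required=REQUIRED_IPS):
    """IPs whose first matching ip4/ip6 term is not a pass (include/a/mx need DNS: skipped)."""
    terms = parse_spf(record)
    missing = []
    for ip in required:
        addr = ipaddress.ip_address(ip)
        result = None
        for qualifier, name, value in terms:
            if name == "all":
                break                        # terms after 'all' are never evaluated
            if name in ("ip4", "ip6"):
                net = ipaddress.ip_network(value, strict=False)
                if addr.version == net.version and addr in net:
                    result = qualifier       # SPF is first-match-wins
                    break
        if result != "+":
            missing.append(ip)
    return missing

def add_missing(record, required=REQUIRED_IPS):
    """Return the record with the missing ip4 terms inserted before the 'all' term."""
    terms = record.split()
    new = ["ip4:" + ip for ip in missing_ips(record, required)]
    idx = next((i for i, t in enumerate(terms) if t.lstrip("+-~?").lower() == "all"), len(terms))
    return " ".join(terms[:idx] + new + terms[idx:])

# Constructed sample record for a hypothetical domain; not a real customer's SPF.
SAMPLE = "v=spf1 ip4:198.51.100.0/24 ip4:107.20.210.250 include:_spf.example.net ~all"

print(add_missing(SAMPLE))
```

An address that is authorized only through an `include:` is reported as missing here, because resolving it requires DNS. Literal `ip4:` terms do not count toward SPF's limit of 10 DNS lookups.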


Phishing stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain: ts-uploads.s3.amazonaws.com.


Phishing Domains 


Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.   


Note: Many default Phishing templates include a sub-domain. Therefore, if you are safelisting by domain, you may wish to wildcard it. For example, you would safelist “*.proofpoint.com” instead of safelisting “proofpoint.com” to ensure that all sub-domains are included.


Phishing Teachable Moments will also make calls to the following URLs: 


  • https://tslp.s3.amazonaws.com
  • https://java.com
  • https://ajax.googleapis.com
  • https://fonts.googleapis.com
  • https://tscontent.s3.amazonaws.com
  • https://d2wy8f7a9ursnm.cloudfront.net
  • https://dp4eiskq7iesj.cloudfront.net


Domains for US

