Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.  


Notes


  • Only perform safelisting for your licensed Proofpoint Security Awareness Training products. 
  • Only safelist the IPs and domains for your hosted location.  If you aren’t sure of your hosted location, please contact [email protected].


Training Notifications


Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes: 


  • Add the appropriate IP addresses to your SPF records and your email filter safelist 
  • securityeducation.com is a domain that can also be safelisted for web filtering 


Training Platform


  • 54.229.2.165 
  • 52.30.130.201 


In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform-web-eu.securityeducation.com


Phishing Assessment


To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:


These IP addresses will need to be added to your SPF record:

  • 52.17.45.98 
  • 52.16.190.81


Phishing stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain:  ts-eu-uploads.s3.amazonaws.com.  The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d2k53c71t1ovai.cloudfront.net.


Phishing Domains 


Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.   


Note: Many default Phishing templates include a sub-domain. Therefore, if you are safelisting by domain, you may wish to wildcard it. For example, you would safelist “*.proofpoint.com” instead of safelisting “proofpoint.com” to ensure that all sub-domains are included.


Phishing Teachable Moments will also make calls to the following URLs: 


https://tslp.s3.amazonaws.com 

https://java.com 

https://ajax.googleapis.com 

https://fonts.googleapis.com 

https://tscontent.s3.amazonaws.com 

https://d2wy8f7a9ursnm.cloudfront.net

https://dp4eiskq7iesj.cloudfront.net


Domains for EU


4ooi.co.uk

4ooi.net

accountsmaintenance.com

accounts-receivable.online

admissionshelpu.com

adobe-0nline.net

adobedocuments.com

aibaba-deals.com

amazoon.site

annualenroll.net

bancaire.co.uk

bancaire.org

beingthebestU.com

bizsolutions-int.co.uk

bizsolutions-int.com

breaking-news-network.co.uk

breaking-news-now.net

business-services.site

c0ncursolutions.com

cardservices.vip

citydiscounts.org

cloud-store.space

coffeetooyourdesk.com

combase.io

Committee4StrongLeadership.org

contract-sign.site

corpbenefitplan.net

corp-internal.co

corpinternal.org

corp-internal.org

corpoutlook.co.uk

corp-password-mangemet.com

corp-password-mangemet.fr

corp-password-mangemet.us

cyber-sale.com

dcscanscation.net

decision2016.online

detailswire.net

docsign-online.net

docs-sharepoint.com

dodgylink.co.uk

domainte.com

donatesolutions.live

dropboxlink.net

dynssi.net

eatandreward.com

educationresource.store

egencia-website.com

electioninfo.news

electionsdecision.net

emaildistro.net

emailquarantine.net

enegry.info

entwurf-laden.com

epayroll.solutions

eservce.biz

e-servce.biz

eservce.co.uk

eservce.fr

eservce.net

event-planer.com

exch01-corp.net

firstfedtrust.us

flightstatalert.net

flight-status-alert.com

flight-status-alert.me

freeenergypress.org

fundingsource.world

giftgreeting.com

global-bancaire.com

gotwebinar.org

gov-services.net

grnail.online

healthline.care

hpdocument.net

hr-internal.co

hrmc.me.uk

ibwalletsecurelogin.com

InformedVoterLeague.org

info-week.biz

internalitsupport.net

investmentsecuresite.com

k-trafficxmj.co

k-trafficxmj.co.uk

k-trafficxmj.com

linkedincdn.co.uk

linkedincdn.net

linkedincdn.us

loanpaymentservices.com

localhostlocaldomain.net

mailcenter-alert.net

mail-center-alert.net

mail-delivery-system.info

maliciousfile.com

maliciousfile.download

matchesonline.org

meeting-reminder.net

metflix.pw

micrasoft-395office.com

micrasoft-onedrive.com

myensurance.services

mypayrollservice.net

NationalCouncil4not-for-profits.org

olympicresults.site

onlinebankingsevices.com

online-docshare.com

p183321.net

package-track.com

package-track.info

password-update.me

payqal-login.com

phishingtraining.eu

ransomware.website

recruitpros.co

register-now.net

rnetflix.io

scandoc-center.com

security-education.net

self-serve.ltd

shipping-notification.info

shopingnow.store

shoppingbuyrewards.com

sportstoday.life

sso-local.net

stubclub.net

swift-track.co.uk

swift-track.info

techsupport-corp.net

thedisasterrelief.net

therecruitpro.net

trackingupdate.site

user-account.net

verifier-sure.com

vobamobile.co

xerox-scandevice.com

yggui.de

yggui.li

youarebeingphished.com

yourexpo.co.uk