Purpose of Whitelisting
A correct and complete whitelisting setup is essential to ensure the full functionality of the Cyber Guru platform and the effectiveness of simulations. Whitelisting should also be applied to perimeter security systems such as antispam and firewalls.
Specifically, it allows you to:
- Receive simulated phishing attacks sent by the Cyber Guru Phishing service;
- Receive simulated smishing attacks sent by the Cyber Guru Phishing service;
- Receive functional emails (e.g., password reset) and Student Caring emails (periodic communications to encourage user participation in training programs)
- Reduce false clicks automatically generated by security systems, which can compromise the reliability of data collected during simulations;
- Properly access training video content and view landing pages for simulated attacks without blocks, slowdowns, or restrictions caused by network filters or security tools.
This guide provides general instructions intended for infrastructures other than Microsoft 365 and Google Workspace. For those, please refer to the dedicated sections with specific instructions.
Guide to configuring whitelisting on MICROSOFT 365 and MICROSOFT 365 Hint & Tips Guide
Guide to configuring whitelisting on GOOGLE WORKSPACE and GOOGLE WORKSPACE Hint & Tips Guide
1. Receiving Simulated Phishing Messages
To help security systems (such as antispam and antivirus) recognize and properly handle emails sent from the Cyber Guru platform, dedicated static IP addresses are used.
This is the IP address that must be whitelisted on all security systems and the main infrastructure: 85.235.135.191
In addition to the static IP address listed above, Cyber Guru Phishing also uses dynamic senders (domains) that may change with each send or campaign. These senders are generated from a set of predefined domains, all of which must be whitelisted.
Important: Both the IP addresses and sender domains must be configured together (AND condition) where possible, to ensure that only emails actually coming from the Cyber Guru infrastructure are accepted. A configuration based only on the sender domain, without restricting the source IP, is not secure.
|
WHERE TO FIND THE COMPLETE LIST OF DOMAINS
|
2. Receiving Simulated Smishing Attacks
The Cyber Guru platform can also send simulated attacks via SMS as part of phishing campaigns. If the customer uses an SMS filtering or protection system, it is recommended to configure it to recognize as trusted senders the names and numbers provided by Cyber Guru during onboarding.
|
WHERE TO FIND THE COMPLETE LIST OF DOMAINS
|
3. Receiving Functional and Student Caring Communications
The Cyber Guru platform can send two types of communications:
- Transactional emails, such as password recovery emails;
- Student Caring emails, designed to guide and motivate users throughout the training process (e.g., notifications about new modules being released).
To ensure these communications are received correctly, you need to configure the following addresses as trusted senders:
- support@cyberguru.eu
- no-reply@cyberguru.eu
as well as the following IP addresses:
- 159.183.238.150
- 159.183.237.241
Note: If you want to use a custom sender address (e.g., a company domain), you must contact Cyber Guru support for configuration (support@cyberguru.eu).
4. Reducing False Clicks
In phishing simulations, a click indicates a user's interaction with a link in the simulated email. In some cases, clicks may be recorded even without direct user action (false positives).
Common causes:
- Incomplete or incorrect whitelisting, which can trigger automatic systems or bots;
- Antispam filters that scan links, if not properly configured;
- Additional security layers in email filters not included in the whitelist;
- Antivirus or security software on endpoints;
- Automatic link previews on mobile devices;
- MDM systems with advanced security features;
- Emails forwarded to third parties, analyzed by sandboxes or clicked by the new recipient.
Note: If you notice unusual results during a campaign, such as click rates that are too high (up to 100%), it's possible that clicks are being generated by automated systems.
Cyber Guru pays close attention to the quality of collected data, but—as with all phishing simulation platforms—it is not possible to completely rule out that automated scanning and security tools in the customer's systems may interact with links, generating false clicks without direct user involvement.
5. Proper Access to Training Content and Landing Pages
The following domains must be authorized to allow access to training content. This whitelisting should be applied to all systems that affect web browsing (e.g., proxy, firewall, DNS filters, endpoint security solutions).
Note: These domains are only for web browsing and content access. They should not be used as bypass criteria in email security systems (antispam, email security gateway); for those, refer to sections 1 and 3 of this guide.
If a domain is preceded by an asterisk (e.g., *.domain.ext), it is mandatory to keep the asterisk format, as it is needed to include all third-level subdomains dynamically generated by the platform. If the domain is listed without an asterisk (e.g., domain.ext), just enter that, as there are no additional subdomains to authorize.
Cyber Guru Domains
| Domain | Function |
| *.cyberguru.eu | Cyber Guru platform and loading images, CSS, and other content |
| cdn.cyberguru.it | Cyber Guru content CDN |
| channel.cyberguru.it | Video streaming |
| drblhbunht495.cloudfront.net | Cyber Guru content CDN |
| d257plavcdcryb.cloudfront.net | Cyber Guru content CDN |
Vimeo Domains (Training Videos)
Training video content is delivered via Vimeo. To ensure proper playback, you need to authorize the following domains:
| Domain | Function |
| *.vimeo.com | Vimeo player and services |
| *.vimeocdn.com | Vimeo CDN |
Additional CDN Domains (Optional)
The Vimeo player uses a multi-CDN architecture that, depending on geographic location and network conditions, may deliver video content through third-party CDNs. If you experience video playback issues after authorizing the previous domains, also authorize the following domains:
| Domain | Function |
| *.akamaized.net | Akamai CDN (used by Vimeo) |
| *.cloudfront.net | Amazon CloudFront CDN (used by Vimeo) |
Cyber Guru Landing Page Domains
To ensure proper display of landing pages associated with links
in simulated phishing emails, you need to whitelist the domains listed
on the platform in the section: HELP > Support - Knowledge > Click here to download whitelisting additional informations.