This article is a reference to CyberHoot’s mail relay IP Addresses and Domain names. The process of allowing phishing tests through to your end users inboxes is dependent upon your mail and spam filters. CyberHoot provides instructions and scripts on bypassing Microsofts Spam, Clutter, and Junk filters as well as adding our mail domains to the safe senders lists.
Please note that if you are using multiple filters in series, you will also need to set up X-Headers in addition to allow lists to deliver email to your end users. You may wish to run powershell scripts we have prepared to make your life easier.
CyberHoot assignments are delivered via email. Currently, all assignments flow through AWS SES, as such, there is no need to create an allow list as AWS SES reputation is excellent, but if you choose to, you can add our domain name and the following IP addresses below to the allow list.
If you are planning on sending traditional (attack-based) Phishing Tests to your clients and prospects, you will need to enable all of CyberHoot’s Email Relays shown below:
| DNS DOMAIN Names: | IP Addresses: |
|---|---|
| ch-account-2fa.com | 3.212.253.236/32 |
| ch-contact-us.com | 34.235.208.123/32 |
| ch-login-created.com | 44.209.10.205/32 |
| ch-password-reset.com | 52.200.160.242/32 |
| ch-security-alert.com | 54.164.218.52/32 |
| docunotice.com | 23.20.251.170/32 |
| messagecenters.net | 52.7.191.238/32 |
| securedinbox.net | 52.6.6.155/32 |
| notificationhub.net | 18.213.175.22/32 |
| filealert.org | 34.226.89.171/32 |
Looking for a downloadable copy of the table above in CSV format?
And here we have a comma separated list with just the domain names:
ch-account-2fa.com,ch-contact-us.com,ch-login-created.com,ch-password-reset.com,ch-security-alert.com,docunotice.com,messagecenters.net,securedinbox.net,notificationhub.net,filealert.org
Another list, this time just the IP addresses:
3.212.253.236/32,34.235.208.123/32,44.209.10.205/32,52.200.160.242/32,54.164.218.52/32,23.20.251.170/32,52.7.191.238/32,52.6.6.155/32,18.213.175.22/32,34.226.89.171/32
*As of May 8th, 2025 all of CyberHoot’s Phish testing will be sent from these IP addresses.
How to Allow-List in Barracuda SPAM Gateway and Cloud Solution
How to Allow-List in your own Personal Gmail Account
How to Allow-List in your Google Workspace
How to Allow-List in Microsoft’s M365
How to Allow-List in ProofPoint
How to Allow-List in Sophos Central (Website Management)
How to Allow-List in Microsoft O365 – Avanan
How to Allow-List in Google Workspace – Avanan
Powershell script for avoiding SPAM, Clutter, Junk in M365.
Powershell script for adding CyberHoot’s phishing domains to Safe Senders List
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...
Read more
A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...
Read more
Welcome to CyberHoot's May Newsletter! This month, we're spotlighting key developments in the cyber threat...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
