Skip to main content

IP Whitelisting for Thunder Code

Ines avatar
Written by Ines
Updated over a month ago

Overview

To enable Thunder Code's AI-powered testing platform to access and test your web application, you may need to whitelist our IP addresses depending on your security configuration. This document outlines when IP whitelisting is required and provides the necessary IP addresses for each of our testing locations.

When IP Whitelisting is Required

You'll need to whitelist Thunder Code's IP addresses in the following scenarios:

1. Firewall Restrictions

  • Your web application is protected by a firewall that blocks traffic from unknown IP addresses

  • Corporate firewalls with strict inbound/outbound traffic policies

  • Cloud-based security groups (AWS Security Groups, Azure NSGs, GCP Firewall Rules) with restrictive access rules

2. Geographic Access Controls

  • Your application implements geo-blocking or geo-fencing restrictions

  • Content delivery networks (CDNs) with geographic access limitations

  • Regional compliance requirements that restrict access to specific countries or regions

3. Rate Limiting and DDoS Protection

  • Web Application Firewalls (WAF) like Cloudflare, AWS WAF, or Akamai with aggressive rate limiting

  • DDoS protection services that may flag automated testing traffic as suspicious

  • API rate limiting that could block our testing requests without proper IP recognition

4. IP-Based Authentication

  • Applications that use IP-based allowlisting as part of their authentication mechanism

  • B2B platforms that restrict access to known client IP ranges

  • Admin panels or staging environments with IP-based access controls

5. Corporate Network Access

  • Applications hosted on private corporate networks

  • VPN-protected environments that require specific IP ranges

  • Intranet applications with network-level access restrictions

6. Compliance and Security Policies

  • Applications in regulated industries (finance, healthcare, government) with strict access controls

  • SOC 2, ISO 27001, or other compliance frameworks requiring IP allowlisting

  • Zero-trust security models with explicit IP-based access policies

7. Load Balancer and Reverse Proxy Configurations

  • Load balancers configured with IP-based routing or filtering

  • Reverse proxies (nginx, Apache) with IP restriction modules

  • API gateways with IP-based access control policies

Thunder Code IP Addresses by Location

If you'd like to perform all of your tests from 1 single location (example Amsterdam), you can whitelist only that specific IPs.

Amsterdam (Europe)

● 52.143.181.242 
● 152.42.138.139 
● 157.245.73.238 
● 167.71.77.118 
● 167.71.74.138 
● 157.245.70.98

London (Europe)

● 52.143.181.242 
● 134.209.180.180 
● 134.209.189.197 
● 134.209.188.237 
● 134.209.186.0 
● 134.209.187.201 
● 134.209.186.65 
● 209.97.186.36 
● 167.172.61.214 
● 46.101.92.250 
● 46.101.87.212 
● 134.209.25.165 
● 134.209.25.209 
● 134.209.25.215 
● 134.209.17.68 
● 134.209.17.100 
● 134.209.25.201 
● 134.209.17.116 
● 134.209.25.53 
● 144.126.204.196 
● 134.209.25.97

San Francisco (North America)

● 52.143.181.242 
● 146.190.53.75 
● 146.190.53.72 
● 146.190.175.184 
● 147.182.250.161 
● 164.92.125.142 
● 164.92.125.134 
● 146.190.143.216 
● 146.190.127.114 
● 146.190.143.212 
● 24.199.123.163 
● 24.199.111.199 
● 146.190.159.230 
● 146.190.159.176 
● 24.199.103.126 
● 159.223.205.248 
● 137.184.226.226 
● 146.190.159.171 
● 24.144.81.223 
● 137.184.235.213 
● 146.190.139.82 
● 164.92.125.23 
● 159.223.205.48 
● 146.190.159.67 
● 164.92.125.19 
● 146.190.130.128 
● 137.184.179.6 
● 137.184.178.146 
● 164.92.109.217 
● 164.92.109.12 
● 143.198.129.119 
● 165.232.140.251 
● 24.199.105.203 
● 143.198.111.152 
● 143.198.99.228 
● 24.144.94.186 
● 146.190.53.55 
● 164.90.145.42 
● 143.198.99.72 
● 146.190.53.52 
● 144.126.211.154 
● 143.244.181.136 
● 146.190.57.39 
● 144.126.220.231 
● 143.198.131.227 
● 143.244.188.238 
● 147.182.203.53 
● 146.190.143.211 
● 146.190.131.136 
● 24.199.115.166 
● 137.184.12.124 
● 209.38.79.187 
● 209.38.68.13 
● 209.38.74.36 
● 164.92.95.6 
● 209.38.75.204 
● 209.38.67.232 
● 209.38.70.84 
● 209.38.73.120 
● 143.198.129.120 
● 143.198.136.242 
● 146.190.114.39 
● 146.190.118.62 
● 146.190.59.199 
● 146.190.116.90 
● 146.190.34.116 
● 64.23.239.117 
● 64.23.238.239 
● 64.23.235.163 
● 64.23.238.31 
● 64.23.238.124 
● 64.23.232.196 
● 64.23.234.46 
● 164.90.159.169 
● 164.90.155.253 
● 64.23.235.171 
● 64.23.215.208 
● 64.23.167.192 
● 64.23.215.190 
● 137.184.3.181 
● 143.198.109.32 
● 146.190.44.51 
● 161.35.229.21 
● 161.35.229.77 
● 161.35.237.149 
● 161.35.233.103

Testing Connectivity

Once you've whitelisted our IP addresses, you can verify connectivity by:

  1. Checking your application logs for successful requests from Thunder Code IPs

  2. Running a preliminary test in the Thunder Code platform

  3. Monitoring your firewall/WAF logs to ensure our requests aren't being blocked

This document is updated regularly. Please check back for the latest IP addresses and requirements.

Did this answer your question?