Unable to pulse - IP for client.whatpulse.org is marked as 'deceptive'


Since around the start of July, my work PC can no longer pulse as it’s failing to connect to the API client. Checked with my IT department and they report that it’s because the IP behind the hostname we try to POST the pulse to, is marked as deceptive by both Chrome and the company’s proxy (Zscaler). All my traffic is passing through that proxy transparently.

Going to from Chrome first reports this:
Google Safe Browsing recently detected phishing on [the IP]. Phishing sites pretend to be other websites to trick you.

Not sure why Google (and evidently others) are seeing things as deceptive here just because of the IP? This is all trying with https, of course.

(I know client.whatpulse.org is mostly used for POST from the client and GET from a browser isn’t necessary but including that as that’s more than likely, according to company IT, why they’re not allowing traffic to that host)

Help would be appreciated :slight_smile:

Hi Marius,

Interesting, Google didn’t report any issues in the monitoring tools I’ve set up, but I do see Chrome reporting only as deceptive, but not https://client.whatpulse.org (which is where the WhatPulse client connects). I would assume your Zscaler proxy is being overly cautious.

I’ve requested a review from Google to get the IP URL removed from their lists. They’re typically pretty quick.

Btw, it looks like we inherited this listing from a previous owner of the IP - the detailed report about the IP has nothing to do with WhatPulse. We started using this IP a few weeks ago, which aligns with your experience. Thanks for reporting!

Thanks, Martijn. It does indeed seem like this lines up with when the problem started, just after the beginning of July. Guess someone who had that IP previously did indeed have some lousy stuff behind it…

Hopefully an update on Google propagates to the pedantic Zscaler too, not sure what their source of trust is and I might have to chat with IT…

Thanks again for the quick response.

Just got confirmation from Google that they delisted the URL with the IP. I’m curious whether your Zscaler now allows the connection? :slight_smile:

1 Like

Gave it a go and can confirm that Chrome’s happy now but Zscaler is still blocking it… Maybe it needs a while for the update on Google to propagate to them too…? I’ll chat with IT as well to see if they can talk to Zscaler.

(using https with the IP just results in an instant ERR_CONNECTION_RESET)

Pulse is now successful! :partying_face: Thanks for the resolution Martijn.