Gaurav_Pandya
Advisor

Suspicious Traffic of gvt1.com

Hi All,

I have taken a monthly report of the top 10 applications from SmartEvent, and I found traffic for gvt1.com among them. The risk for this URL is 0-unknown for Check Point.

I have researched a bit; some are saying that it is for Chrome browser updates and some are saying that it is malware. Does anyone have an idea about this? If it is a virus/malware, then how can we remove it? Does the IPS Blade have any signature for this?

7 Replies
PhoneBoy
Admin

We'd have to look at the actual traffic in question to see if it's malicious or not.

XBensemhoun
Advisor

Hi, do you still see such traffic? Do you have the same categorization?

Gaurav_Pandya
Advisor

Hi,

Let me check with end users. I will update.

Gaurav_Pandya
Advisor

Hi,

We have scanned the machine from which this URL is accessed with antivirus but didn't find anything. We also checked the SmartEvent logs, and this traffic comes immediately after Google services, so it seems to be legitimate traffic.

However I will keep an eye.

Pablo_Barriga
Advisor

Alexander_Eck
Explorer

Hi,

The owner of gvt1.com is google.com, see https://www.whois.com/whois/gvt1.com. GVT is an acronym for Google Video Transcoding and is used, i.e., as a local cache server for YouTube videos and Google product updates (Chrome, Google Earth).

I don't think Google is deploying malware. Therefore it's safe to say that traffic should be fine.

Don't trust those websites saying this is a virus and offering some suspicious software to "remove" this "virus" off your systems.

Cheers,

Alex

Gaurav_Pandya
Advisor

Hi Alex/Pablo,

Thanks for the information.

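The check described in the thread (gvt1.com requests arriving right after Google-service traffic from the same machine) can be scripted over exported logs. This is an added example, not part of any post above; the record layout, the sample lines, the list of Google parent domains and the 60-second window are all assumptions, and a "review" result only means the correlation did not explain the hit.

```python
from datetime import datetime, timedelta

# Assumption: parent domains treated as "Google services" for the correlation.
GOOGLE_PARENTS = ("google.com", "googleapis.com", "gstatic.com")
TARGET = "gvt1.com"

# Constructed sample records (time, source host, requested hostname);
# the field layout is hypothetical, not a SmartEvent export format.
SAMPLE = """\
2024-01-10T09:00:01 10.0.0.15 update.googleapis.com
2024-01-10T09:00:03 10.0.0.15 r3---sn-example.gvt1.com
2024-01-10T09:05:00 10.0.0.22 gvt1.com.updates.example
2024-01-10T11:30:00 10.0.0.40 redirector.gvt1.com
2024-01-10T11:30:20 10.0.0.15 www.google.com
"""

def under(host, parent):
    """True only if host is parent or a subdomain of it (label boundary)."""
    host = host.lower().rstrip(".")
    return host == parent or host.endswith("." + parent)

def parse(text):
    """Yield (timestamp, source, hostname) tuples from the sample layout."""
    for line in text.splitlines():
        ts, src, host = line.split()
        yield datetime.fromisoformat(ts), src, host

def triage(text, window=timedelta(seconds=60)):
    """Classify every record that mentions the target name."""
    last_google = {}  # source host -> time of its last Google-service request
    results = []
    for ts, src, host in sorted(parse(text)):
        if any(under(host, p) for p in GOOGLE_PARENTS):
            last_google[src] = ts
        elif under(host, TARGET):
            seen = last_google.get(src)
            ok = seen is not None and ts - seen <= window
            results.append((src, host, "follows-google" if ok else "review"))
        elif TARGET in host.lower():
            # Contains the name but is not actually under gvt1.com.
            results.append((src, host, "lookalike"))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

The label-boundary match in `under` is what separates real gvt1.com subdomains from hostnames that merely contain the string.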