Gaurav_Pandya
Advisor

Suspicious Traffic of gvt1.com

Hi All,

I have taken a monthly report of the top 10 applications from Smart Event and I found traffic for gvt1.com among them. The risk for this URL is 0-unknown for Checkpoint.

I have researched a bit; some are saying that it is for Chrome browser updates and some are saying that it is malware. Does anyone have an idea about this? If it is a virus/malware, then how can we remove it? Does the IPS Blade have any signature for this?

0 Kudos
7 Replies
PhoneBoy
Admin

We'd have to look at the actual traffic in question to see if it's malicious or not.

0 Kudos
XBensemhoun
Employee

Hi, do you still see such traffic? Do you have the same categorization?

Information Security enthusiast, CISSP, CCSP
0 Kudos
Gaurav_Pandya
Advisor

Hi,

Let me check with end users. I will update.

0 Kudos
Gaurav_Pandya
Advisor

Hi,

We have scanned the machine from which this URL is accessed with antivirus but didn't find anything. We also checked the Smart Event logs, and this traffic comes immediately after Google services, so it seems to be legitimate traffic.

However I will keep an eye.

Pablo_Barriga
Advisor

0 Kudos
Alexander_Eck
Explorer

Hi,

The owner of gvt1.com is google.com; see https://www.whois.com/whois/gvt1.com. GVT is an acronym for Google Video Transcoding and is used i.e. as a local cache server for YouTube videos and Google product updates (Chrome, Google Earth).

I don't think Google is deploying malware. Therefore it's safe to say that traffic should be fine.

Don't trust those websites saying this is a virus and offering some suspicious software to "remove" this "virus" off your systems.

Cheers,

Alex

0 Kudos
Gaurav_Pandya
Advisor

Hi Alex/Pablo,

Thanks for the information.

0 Kudos
