Suspicious Traffic of gvt1.com

Hi All,

I have taken a monthly report of the top 10 applications from SmartEvent and I found traffic for gvt1.com among them. The risk for this URL is 0-unknown for Check Point.

I have researched a bit; some are saying that it is for Chrome browser updates and some are saying that it is malware. Does anyone have any idea about this? If it is a virus/malware, how can we remove it? Does the IPS Blade have any signature for this?

Admin

We'd have to look at the actual traffic in question to see if it's malicious or not.

Advisor

Hi, do you still see such traffic? Do you have the same categorization?


Hi,

Let me check with end users. I will update.


Hi,

We have scanned the machine from which this URL is accessed with antivirus but didn't find anything. I also checked in the SmartEvent logs, and this traffic comes immediately after Google services, so it seems to be legitimate traffic.

However, I will keep an eye on it.

Explorer

Hi,

The owner of gvt1.com is google.com; see https://www.whois.com/whois/gvt1.com. GVT is an acronym for Google Video Transcoding and is used, i.e., as a local cache server for YouTube videos and Google product updates (Chrome, Google Earth).

I don't think Google is deploying malware. Therefore, it's safe to say that traffic should be fine.

Don't trust those websites saying this is a virus and offering some suspicious software to "remove" this "virus" off your systems.

Cheers,

Alex

Hi Alex/Pablo,

Thanks for the information.
