cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Suspicious Traffic of gvt1.com

Hi All,

I have taken monthly report of top 10 application from Smart Event and I found traffic for gvt1.com among them. Risk for this URL is 0-unknown for Checkpoint.

I have researched a bit so some are saying that it is for Chrome browser update and some are saying that it is malware. Anyone has idea about this. If it is virus/malware then how we can remove it, IPS Blade has any signature for this?

0 Kudos
7 Replies
Admin
Admin

Re: Suspicious Traffic of gvt1.com

We'd have to look at the actual traffic in question to see if it's malicious or not.

0 Kudos
XBensemhoun
Silver

Re: Suspicious Traffic of gvt1.com

Hi, do you still see such traffic ? Do you have the same categorization ?

0 Kudos

Re: Suspicious Traffic of gvt1.com

Hi,

Let me check with end users. I will update.

0 Kudos

Re: Suspicious Traffic of gvt1.com

Hi,

We have Scan the machine with Antivirus from which this URL is accessed but didn't find anything. Also checked in the smart event logs and this traffic comes immediate after google services so seems to be legitimate traffic.

However I will keep an eye.

Re: Suspicious Traffic of gvt1.com

0 Kudos

Re: Suspicious Traffic of gvt1.com

Hi,

gvt1.com owner is google.com  see   https://www.whois.com/whois/gvt1.com . GVT  is an acronym for Google Video Transcoding and is used i.e. as local cache server for youtube videos and google product updates (chrome, google earth). 

I don't think google is deploying malware. Therefore it's safe to say that traffic should be fine. 

Don't trust those website saying this is a virus and offering some suspicious software to "remove" this "virus" off your systems. 

Cheers,

Alex

0 Kudos

Re: Suspicious Traffic of gvt1.com

Hi Alex/Pablo,

Thanks for the information.

0 Kudos