This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaurav_Pandya
Advisor
‎2018-02-16 10:10 AM

Suspicious Traffic of gvt1.com

Hi All,

I have taken monthly report of top 10 application from Smart Event and I found traffic for gvt1.com among them. Risk for this URL is 0-unknown for Checkpoint.

I have researched a bit so some are saying that it is for Chrome browser update and some are saying that it is malware. Anyone has idea about this. If it is virus/malware then how we can remove it, IPS Blade has any signature for this?

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2018-02-16 01:02 PM

We'd have to look at the actual traffic in question to see if it's malicious or not.

0 Kudos
XavierBens
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2018-02-18 05:07 PM

Hi, do you still see such traffic ? Do you have the same categorization ?

Cybersecurity Evangelist, CISSP, CCSP, CCSM Elite
0 Kudos
Gaurav_Pandya
Advisor
‎2018-02-19 04:35 AM
In response to XavierBens

Hi,

Let me check with end users. I will update.

0 Kudos
Gaurav_Pandya
Advisor
‎2018-02-20 03:12 AM
In response to Gaurav_Pandya

Hi,

We have Scan the machine with Antivirus from which this URL is accessed but didn't find anything. Also checked in the smart event logs and this traffic comes immediate after google services so seems to be legitimate traffic.

However I will keep an eye.

Pablo_Barriga
Advisor
‎2018-10-22 10:54 PM
In response to Gaurav_Pandya

Hello so far those sites are used to update chrome. 

https://productforums.google.com/forum/#!topic/chrome-admins/I5WLpuxclI4;context-place=topicsearchin...

0 Kudos
Alexander_Eck
Explorer
‎2018-10-22 10:10 PM

Hi,

gvt1.com owner is google.com  see   https://www.whois.com/whois/gvt1.com . GVT  is an acronym for Google Video Transcoding and is used i.e. as local cache server for youtube videos and google product updates (chrome, google earth). 

I don't think google is deploying malware. Therefore it's safe to say that traffic should be fine. 

Don't trust those website saying this is a virus and offering some suspicious software to "remove" this "virus" off your systems. 

Cheers,

Alex

0 Kudos
Gaurav_Pandya
Advisor
‎2018-10-23 05:48 AM

Hi Alex/Pablo,

Thanks for the information.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events