What are these suspicious Google GVT1.com URLs?



Certain Google-owned domains have caused Chrome users, from even the most skilled researchers to regular users, to question whether they are malicious.


The domains I am referring to are redirector.gvt1.com and the gvt1/gvt2 subdomains, which have raised many questions on the internet.


After receiving multiple concerned questions over the years, BleepingComputer has dug deeper into the domains' origin and whether they should be something to worry about.


What are these suspicious gvt1.com domains?


The domains *.gvt1.com and *.gvt2.com, along with their subdomains, are owned by Google and typically used to deliver Chrome software updates, extensions, and related content.


For example, when we started Chrome just now, it attempted to connect to the following domains:


http://redirector.gvt1.com/
http://r5---sn-8xgp1vo-ab5z.gvt1.com/

However, these URLs and the domain name have repeatedly caused confusion among developers and researchers due to their suspicious-looking structure.




Likewise, gvt1.com domains have been previously flagged by antivirus products as malware [1, 2] and by researchers as an Indicator of Compromise (IOC) [1, 2, 3].
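A log-triage check for when these hostnames show up in proxy or DNS data, added here as an example and not code from the article or from Google: it compares the parsed hostname against gvt1.com and gvt2.com with a dot boundary, so a string that merely contains "gvt1.com" is not treated as one of the domains described above. The function names and every sample entry other than the two URLs quoted earlier are constructed.

```python
from urllib.parse import urlsplit

# Domains the article describes as Google-owned (Chrome updates, extensions).
GVT_DOMAINS = ("gvt1.com", "gvt2.com")

# Constructed sample log entries; only the first two URLs come from the article.
SAMPLE = [
    "http://redirector.gvt1.com/",
    "http://r5---sn-8xgp1vo-ab5z.gvt1.com/",
    "REDIRECTOR.GVT1.COM.:80",                      # bare host, port, trailing dot
    "http://redirector.gvt1.com.updates.example/",  # gvt1.com is only a label prefix
    "http://redirector.gvt1.com@files.example/x",   # gvt1.com sits in the userinfo part
    "http://example-gvt1.com/",                     # no dot boundary before gvt1.com
]


def host_of(entry: str) -> str:
    """Return the lowercase hostname of a URL or bare host[:port], or ''."""
    value = entry.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit treat a bare host as the netloc
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:        # e.g. malformed IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def is_gvt_host(entry: str) -> bool:
    """True only if the host is gvt1.com/gvt2.com or a subdomain of one."""
    host = host_of(entry)
    return any(host == d or host.endswith("." + d) for d in GVT_DOMAINS)


def triage(entries):
    """Split entries into (hosts under gvt1/gvt2, everything else)."""
    under, other = [], []
    for entry in entries:
        (under if is_gvt_host(entry) else other).append(entry)
    return under, other


if __name__ == "__main__":
    under, other = triage(SAMPLE)
    print("under gvt1.com/gvt2.com:", *under, sep="\n  ")
    print("not under those domains:", *other, sep="\n  ")
```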


Moreo ..
