gvt2 domain connecting to Japan, Europe, Brazil… | by Teri Radichel | Cloud Security | Medium


A cybersecurity professional observes unusual connections from their system to various global locations via a Google domain (gvt2.com), prompting an investigation into its purpose and functionality.

gvt2 domain connecting to Japan, Europe, Brazil…


I was looking at some of my monitoring systems a while back and noticed that they showed my system connecting to Japan for a gvt2.com domain:

e2c4.gcp.gvt2.com

That’s odd. Wouldn’t Google just connect me to the nearest hop on their network for updates? The other thing is, the map above wasn’t showing up for some reason. I thought that it may have been because I blocked geolocation on my laptop, but it coincidentally fixed itself when I blocked traffic to the location in Japan without changing my geolocation blocking.

Then I started looking at where all the gvt2.com domains are connecting. As it turns out, it’s connecting my laptop to locations all over the world, including Switzerland, Paris, Brazil, and Toronto.

Other locations in the US included Salt Lake City, Washington DC, and a location in Northern Oregon east of Portland.

Everything I’ve come across says that Google uses a “beacons” subdomain. Some of the beacons subdomains resolved to LA or San Jose, which seems reasonable. However, others report no location at all.

There’s an edgedl subdomain under gvt1 which I presume is a download domain for Google Chrome. That domain also does not report a location.

I didn’t really have time to investigate this further at the time. I just took a look and currently see that domain trying to connect to Australia.

I wish there was a good source that defined what all these weird domains vendors use are for… For now, I am blocking the domains connecting to parts of…
