gvt2 domain connecting to Japan, Europe, Brazil… | by Teri Radichel | Cloud Security | Medium



gvt2 domain connecting to Japan, Europe, Brazil…


I was looking at some of my monitoring systems a while back and noticed that they showed my system connecting to Japan for a gvt2.com domain:

e2c4.gcp.gvt2.com

That’s odd. Wouldn’t Google just connect me to the nearest hop on their network for updates? The other thing is, the map above wasn’t showing up for some reason. I thought that it may have been because I blocked geolocation on my laptop, but it coincidentally fixed itself when I blocked traffic to the location in Japan without changing my geolocation blocking.

Then I started looking at where all the gvt2.com domains are connecting. As it turns out, it’s connecting my laptop to locations all over the world, including Switzerland, Paris, Brazil, and Toronto.

Other locations in the US included Salt Lake City, Washington DC, and a location in Northern Oregon east of Portland.

Everything I’ve come across says that Google uses a “beacons” subdomain. Some of the beacons subdomains resolved to LA or San Jose, which seems reasonable. However, others report no location at all.

There’s an edgedl subdomain under gvt1 which I presume is a download domain for Google Chrome. That domain also does not report a location.

I didn’t really have time to investigate this further at the time. I just took a look and currently see that domain trying to connect to Australia.

I wish there was a good source that defined what all these weird domains vendors use are for…for now I am blocking the domains connecting to parts of…
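One way to do the per-domain tally described in this post, as an added example that is not from the original article: a short Python script that groups connection-log entries for gvt1.com and gvt2.com hosts by the country a GeoIP lookup returned and lists hosts seen outside an expected set. The log format, every hostname other than e2c4.gcp.gvt2.com, the IP addresses and the expected-country set are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample (not from the post): time, hostname, destination IP from
# documentation ranges, GeoIP country ("-" means the lookup returned no location).
SAMPLE_LOG = """\
2024-01-01T10:00:01 e2c4.gcp.gvt2.com 203.0.113.10 JP
2024-01-01T10:00:05 beacons.gvt2.com 198.51.100.7 US
2024-01-01T10:00:09 beacons2.gvt2.com 198.51.100.9 -
2024-01-01T10:01:12 edgedl.gvt1.com 192.0.2.44 -
2024-01-01T10:02:30 E2C4.gcp.gvt2.com. 203.0.113.77 BR
2024-01-01T10:03:00 www.example.com 192.0.2.80 US
2024-01-01T10:03:10 notgvt2.com 192.0.2.81 JP
"""

WATCHED = ("gvt1.com", "gvt2.com")
EXPECTED = {"US"}  # assumption: countries this laptop is expected to reach


def watched_parent(host):
    """Return the watched parent domain of host, matching on a label boundary."""
    host = host.lower().rstrip(".")
    for parent in WATCHED:
        if host == parent or host.endswith("." + parent):
            return parent
    return None


def summarize(log_text):
    """Map each watched hostname to the set of countries it was seen in."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        host = fields[1].lower().rstrip(".")
        if watched_parent(host) is None:
            continue  # e.g. notgvt2.com is not a subdomain of gvt2.com
        seen[host].add("unknown" if fields[3] == "-" else fields[3].upper())
    return dict(seen)


def review_list(summary, expected=EXPECTED):
    """Hosts with destinations outside the expected set; 'unknown' counts as outside."""
    return {h: sorted(c - expected) for h, c in sorted(summary.items()) if c - expected}


if __name__ == "__main__":
    for host, countries in review_list(summarize(SAMPLE_LOG)).items():
        print(f"{host}: {', '.join(countries)}")
```

Matching on the `.gvt2.com` label boundary rather than a plain substring keeps look-alike names such as `notgvt2.com` out of the tally, and entries with no GeoIP answer are kept as `unknown` so they still show up for review.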
