Question msftconnecttest - redirect

vlad-kzm

May 10, 2021
Hi,

This morning I started having MS Edge opening tabs by itself to this website. I’ve read it’s a Microsoft thing and the message on the web said something about notifying the provider. So I called the ISP and the first time they said they’re having an issue but that the behaviour I’m describing is most likely a virus.

I’m an IT person and this computer in particular I treat it super safe. No executing sketchy stuff, no visiting weird websites, all software genuinely licensed.

So I thought, that can’t be right?

Tried another computer and the same thing happened.
So I called again and this time they said they have received multiple calls about this issue now.

I was concerned about the safety of my network and tried to ask them what happened, could any of my devices be compromised now, was this a DNS spoof, was this a Microsoft problem?
But they wouldn’t say. Third time I called a bit later and they said nothing happened during the morning. Really weird.

I looked at a popular forum in my country and there was a thread about this same problem.

What could have happened? Any of you know? I’m running full & offline scans with Windows Defender now but nothing pops up. Sounds like Windows had a whoopsie, or something went wrong at my ISP?

Cheers
 
Change your DNS addresses to 8.8.8.8 and 8.8.4.4 (those are Google's). Does the problem go away?
Here's the probable cause...
https://answers.microsoft.com/en-us...rects-to/5fb2fadb-a311-4726-a47a-26922d2c11e4

Here's the probable fix...
The problem went away by itself a few hours ago. It only lasted for like an hour.
It wasn’t redirecting me to any malicious site AFAIK. The redirect website was just plain text, no link no anything. The message was like I was trying to access something I wasn’t supposed to. And then it would redirect to MSN website. Whether that MSN website was legit or not, I couldn’t tell. Looked like the same cluttered mess as it always is, but I guess that’s the point of a phishing website.

The only problem I could tell was that Windows Update was acting up, it’s like everything else worked but Windows Update was stuck checking for updates like it didn’t have a connection.
In one of the computers it fixed itself eventually and the other one I had to download one of those optional preview updates which un-stuck the whole thing and it started working normally again.

I’ve done a quick scan, full scan and offline scan and nothing detected.
 
Those links or downloads below texts are usually clickbait. Not sure how the algorithm works to bind them to the page, or not. Guess it didn't bind with your use case.
As long as it worked out for you...all good.
Yeah but how or why did this happen? Did the ISP get hacked and give out fraudulent DNS, or was it some connection problem that made Windows open the browser to check for connection like this..?

If this happened again I wonder if it would help to use a network traffic monitor tool. Then to look up the logged IPs. Sorry, I have studied some security stuff but it was pretty basic and as you can see I’m a bit green. Hate knowing just enough to be worried but not enough to be certain about what happened. 😩
 
It is not always malicious. The msftconnecttest.com/redirect URL is a Microsoft feature used to check network connectivity, specifically when a device cannot establish a connection to the internet. It's part of the Network Connectivity Status Indicator (NCSI) on Windows devices, which tests if a device can reach specific Microsoft servers. When NCSI determines there's no internet access, it might redirect to this URL to alert the user.
But just like any other MS service, it can be hijacked by malicious actors from time to time.
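
An added example, not part of any post in this thread: a small check that fetches the NCSI probe without following redirects and reports whether the expected answer came back or something on the path answered instead, which is the question asked above. The probe URL and expected body are the Windows default NCSI values and are assumptions here, not values from the thread; the function names are hypothetical.

```python
import urllib.error
import urllib.request

# Windows default NCSI active-probe values (assumed here, not taken from the thread).
PROBE_URL = "http://www.msftconnecttest.com/connecttest.txt"
EXPECTED_BODY = b"Microsoft Connect Test"
REDIRECT_CODES = {301, 302, 303, 307, 308}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a 3xx answer as an HTTPError instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_probe(url=PROBE_URL, timeout=5):
    """Fetch the probe and return (status, Location header, first bytes of body)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location"), resp.read(512)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read(512)


def classify(status, location, body):
    """Decide whether the probe answer is the expected one or was altered in transit."""
    if status == 200 and body.strip() == EXPECTED_BODY:
        return "direct"
    if status in REDIRECT_CODES:
        return f"intercepted: redirected to {location}"
    if status == 200:
        return "intercepted: unexpected body"
    return f"unexpected: HTTP {status}"


if __name__ == "__main__":
    try:
        print(classify(*fetch_probe()))
    except OSError as err:  # DNS failure, timeout, connection refused
        print(f"no answer: {err}")
```

An "intercepted" result shows that something between the machine and the probe server answered the plain-HTTP request (a captive portal, an ISP notice page or a wrong DNS answer) but not which one. Comparing the DNS answer for the probe host from the ISP resolver with the answer from an independent resolver is the next step.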