Category Archives: Internet

What Is msftconnecttest.com ?

You have found this web page because you want to know what the domain msftconnecttest.com is and who owns it.

We can confirm this URL is used by Microsoft Windows 10 and above to test if you have a working internet connection.

Windows has an internal component for network connectivity changes detection called “Network Connectivity Status Indicator” (NCSI as known). This component, among other tasks, performs a background testing to determine if the machine has Internet connectivity, engages his brother, the Network Location Awareness (or NLA), to identify if it’s in a domain or a public network to define the proper firewall profile, etc.

There is two URL’s associated to connectivity checks they are msftconnecttest.com and msftncsi.com



Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What Is msftncsi.com ?

You have found this web page because you want to know what the domain msftncsi.com is and who owns it.

We can confirm this URL is used by Windows 8.1 and earlier to test if you have a working internet connection.

Windows has an internal component for network connectivity changes detection called “Network Connectivity Status Indicator” (NCSI as known). This component, among other tasks, performs a background testing to determine if the machine has Internet connectivity, engages his brother, the Network Location Awareness (or NLA), to identify if it’s in a domain or a public network to define the proper firewall profile, etc.

There is two URL’s associated to connectivity checks they are msftconnecttest.com and msftncsi.com




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What Is sophosxl.net

The domain *.sophosxl.net is the Sophos eXtensible List domain and is used by the Web Proxy and Antivirus for security and categorization lookups using HTTP and DNS queries on Sophos products.

SXL uses ports 80 and 53




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What is cse.google.com

The web address cse.google.com is a legitimate part of Google search, known as “Custom Search” however there are plenty of browser hijackers who abuse this feature to generate revenue from Google.

Example of cse.google.com search results

This type of browser hijackers are often bundled with other free software that you download off of the Internet. Some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed adware without your knowledge.

With Google Custom Search the person who created it has the option to set the custom search engine to search the entire web, similar to a normal search on Google.com and they can earn money from Ads.



 

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What is ijinshan.com

The domain ijinshan.com appears to be related to malware, we have seen this and detected it a number of times now.

The domain is hosted in China, and we have seen quite a lot of phones with malware that trace back to this host.

Known Applications

The following applications are known to host the malware associated to this domain (to be updated)

KBatteryDoctor

Battery_Doctor_(Battery_Saver)

Known Subdomains

www.ijinshan.com
did.ijinshan.com  – Confirmed Win32.Trojan.Jadtre
m.ios.ijinshan.com
login.ijinshan.com
union.ijinshan.com
i.ijinshan.com
pay.ijinshan.com
t.ijinshan.com
zj.ijinshan.com
skin.ijinshan.com
d.union.ijinshan.com – Confirmed Troj/Small-EUU (Details from Sophos here)
cloudlib.ijinshan.com
dl.dc.ijinshan.com
dl.app.ijinshan.com
zj.ios.ijinshan.com
zt.ijinshan.com
baike.ijinshan.com
img1.ijinshan.com
u.ijinshan.com
app.ijinshan.com
url.ijinshan.com
file.ijinshan.com
wap.ijinshan.com
app.sjk.ijinshan.com
dl.sj.ijinshan.com
cdndownload.liehu.ijinshan.com
cloudapp.softlib.ijinshan.com
bj.download.ijinshan.com
softdl.ijinshan.com
fish.ijinshan.com
cs.weishi.ijinshan.com
peifu.ijinshan.com
ijinshan.com
code.ijinshan.com
zs.ijinshan.com
m.ijinshan.com
rz.ijinshan.com
client.ijinshan.com
mail.ijinshan.com
buding.ijinshan.com
software.ijinshan.com
box.wan.ijinshan.com
apns.ios.ijinshan.com
vip.ijinshan.com
gamebox.ijinshan.com
per.ijinshan.com
dl.ijinshan.com
wxservice.ijinshan.com
f.ijinshan.com




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

How To Fix ERR_TOO_MANY_REDIRECTS – Google Chrome – Published Website

ERR_TOO_MANY_REDIRECTS error message via Google Chrome

This issue usually happens when you are redirected from the original URL to a new one but you unfortunately fall in to an infinite redirect loop. The Chrome browser detects this situation, and it breaks the loop and shows the error message. The reason why you are stuck in this loop can be the problem of the server or of the end user.

Note, if your testing this situation on IE, Edge or Firefox you would normally get a page not found with no indication of what the issue is.

End User

Try to clear the cache and cookies in Chrome – details here

Test with other web browsers.

Check system date and time is correct.

IT Professional / Web Developer

If you’re a web developer or IT professional who has this problem and you created or have access to the way this website is published then it could be that the site is HTTPS with a HTTP to HTTPS redirect somewhere, usually on the firewall or maybe in IIS.

Ensure that you pass HTTPS all the way through the publishing chain.  Remember it is common to find the HTTP to HTTPS redirect on the publishing rule, but HTTP to talk to the real web server and then HTTP and HTTPS on the real web server.

So :-

  • Web publishing rule is HTTP with HTTPS redirect
  • Talking to the internal webserver is HTTP ( Change this to HTTPS )
  • Internal webserver is HTTP and HTTPS

ERR_TOO_MANY_REDIRECTS

ERR_TOO_MANY_REDIRECTS





 

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What is gstatic.com

There is a lot of talk on the forums and online in general about what gstatic.com is and who own’s it. I have seen many posts online where people say this domain is hosting malware/viruses/spyware I hope to clear a few things up in the post regarding this domain.

There is a lot of fake websites that say this hosts viruses and gives details on how to remove them, please ignore those sites they are fake.

To start with this domain is owned and operated by Google – Domain data lookup here.

Google uses this domain to off-loaded static content (JavaScript code, images and CSS) to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user.

gstatic.com is a cookieless domain to deliver static content for Google.  One benefit of hosting static components on a cookie-free domain is that some proxies might refuse to cache the components that are requested with cookies.

Content loaded from ssl.gstatic.com and www.gstatic.com do not use client-side tracking methods.

Known subdomains

fonts.gstatic.com
maps.gstatic.com
csi.gstatic.com
metric.gstatic.com




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What is llnwd.net

llnwd.net is a domain used by customers of the Limelight Networks content distribution network (CDN), they host content such as downloads and streaming media for companies like EA Games, BBC and Microsoft.

You will probably notice a lot of internet traffic going to this domain, that is because it hosts streaming content etc.  So, for example you visit bbc.co.uk and listen to the radio online for 1 hour you will only get say 5MB of traffic to bbc.co.uk but 50MB of traffic to the llnwd.net domain.

WhoIs information for this domain can be found here.

Example BBC URL you might see in any proxy or firewall logs :-

https://vs-hds-uk-live.bbcfmt.hs.llnwd.net/

The official direct website for Limelight Networks is https://www.limelight.com/

This website is safe and contains no malicious content – for an updated check on this site click here




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What Is gvt3.com

There is a lot of talk on the forums and online in general about what gvt3.com is and who own’s it.  I have seen many posts online where people say this domain is hosting malware/viruses/spyware I hope to clear a few things up in the post regarding this domain.

Who own’s this domain name ?

This domain is owned by Google – Full lookup details here

What is this domain used for ?

Google services – To be confirmed …

Subdomains

We have identified the following subdomains associated to this site :-

beacons5.gvt3.com

Does this domain host malware/viruses/spyware ?

As far as I can tell no.  It is owned by Google.  I have seen this domain in our customers proxy logs and we have checked it ourselves and can see no evidence that it is linked to anything other than Google services.

If you are looking for information on gvt1.com then click here if you are looking for information on gvt2.com click here.




Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What is gvt2.com

There is a lot of talk on the forums and online in general about what gvt2.com is and who own’s it.  I have seen many posts online where people say this domain is hosting malware/viruses/spyware I hope to clear a few things up in the post regarding this domain.

Who own’s this domain name ?

This domain is owned by Google – Full lookup details here

What is this domain used for ?

Google services – To be confirmed …

Subdomains

We have identified the following subdomains associated to this site :-

beacons.gcp.gvt2.com
beacons.gvt2.com
beacons2.gvt2.com
beacons3.gvt2.com
beacons4.gvt2.com
beacons5.gvt2.com

Does this domain host malware/viruses/spyware ?

As far as I can tell no.  It is owned by Google.  I have seen this domain in our customers proxy logs and we have checked it ourselves and can see no evidence that it is linked to anything other than Google services.

If you are looking for information on gvt1.com then click here if you are looking for information on gvt3.com click here.





+

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.