Switched the PC on this eve when I got home today and Firefox being my default web browser loaded. Note I had NOT clicked on it, something had requested a URL which resulted in being presented with the MSN website.
Thought I had been infected or had my home hijacked but no, it turned out to be a known M$ bloody service (Active internet probing service - NCSI) that tried to access a blocked (by pi-hole) url (http://www.msftncsi.com/ncsi.txt). NCSI then for whatever reason requested the bloody MSN page. What I don’t understand is why open the MSN page when access to the other URL was blocked, what could M$ gain from that?
As I despise bing & msn, I have just blacklisted both of them in pi-hole.
More info about this -