so I was doing some packet sniffing using wireshark when I noticed that my laptop are consistently sending requests to www.msftncsi.com, I have no idea why this is happening all of a sudden, this is new behaviour. I've tried tracking down the application using netstat -ptc and grepping the output for matching the port last used according to wireshark. However the pid/program name only shows as a dash, leading me deeper into confusion. I've read about expressvpn causing such behaviour for some but should it not show in the name column if this was the case? The only recent program I remember installing aside from expressvpn is virtualbox which I checked with sha256sum before installing.
Any help that can lead me to find out why and from where these requests are being made are welcome. A big part of why I want this solved is to know whether it is nefarious activity or not. Also it just bugs the hell out of me not knowing what is happening.
My knowledge about network analysis is very basic so if anyone has any advice on how to get to the bottom of this I would be grateful.
Thanks in advance!
Edit:
I am running ubuntu 18.04.5 LTS and are using Mozilla Firefox with the following add-ons,
Addblocker ultimate
Facebook container
Privacy badger
It seems like oracle has been using Akami Technologies at least in the past so perhaps this is the source of the weird queries. Any ideas how to go about confirming this? I can't find to much information on google about this, maybe it is not supposed to be public knowledge?
