I am a web-developer. Recently I was testing an ajax script on a website. The script does some stuff, then triggers an email to the content user. The script was not properly secured in that it does not validate against anonymous usage. This is bad practise of course, and I will make a confession on codeconfessional.com later. In deploying the script I triggered the script through firefox to debug any errors. It did its stuff and I got an email as expected. However, over the last few weeks I have been getting this email again and again, and I have not been triggering the script? Finally I went to the weblogs to see what is happening. I saw that I made a request to the script on 7/10: but then the server started getting these request to the exact same script and path as I had used, but it was not me: 107.21.253.49 - - [07/Oct/2016:03:06:45 +0000] "GET /ajax-XXXXXX.php?user_id=82 HTTP/1.1" 200 12 "-" "Mozilla/5.0 (compatible; Embedly/0.2; +http://support.embed.ly/)" since then, the script has been requested about once per day, always the same request and from an amazon-ec2 IP address. The only way the embed.ly bot could have got this path is from somehow intercepting my request. So, has embed.ly managed to insert a module into my firefox browser that I am unaware of? Can someone check the firefox xubuntu/ubuntu repository code to see if there has been any code intrusions of this sort? I suspect this is a malware code intrusion.