For some time now, my Malwarebytes has kept announcing that it has blocked an attempt to access 126.96.36.199 - which is in MWB's blacklist. I checked, and it seems to be an IP address in Denmark. The certainty of this location may be in some doubt, as, when I googled it, various diverse and misleading results popped up in the search.
The MWB announcement occurred every time I started up Firefox. I therefore concluded that a FF Add-on was probably making the outgoing call - i.e., rather than FF itself.
I was going to post a query in DCF today to ask for help but have luckily discovered, by a process of elimination, that it is the FF add-on Google Reverse Image Search that is apparently making the calls.
The call to that IP address occurs every time FF is started up, without fail.
Disabling/removing the add-on causes the calls to not occur when FF is started up (all other features of FF remaining the same).
I had previously searched for that IP address string inside the files in the directory for FF and for its add-ons, but did not come up with any hits.
I would be interested if anyone has any ideas as to how you could identify/prove the source of such an outgoing call from an add-on, other than the hit-or-miss process of elimination that I employed.