MAL-2026-4753

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348) setup.py installs a site-wide.pth file (gt_tester_exp_profiler_exp_00000017_probe.pth) into site-packages that imports the package's probe module and calls run_probe() at every Python interpreter startup. probe.py performs a plaintext HTTP GET to the bare IP 104.236.116.157 with a per-call random hex tag, fingerprinting the installer's machine to a third party on every Python invocation — not just when the package is explicitly imported. The User-Agent string claims an 'Academic research study' but no consent is obtained at install or runtime. Package metadata is a generic placeholder with no author, homepage, or publisher identification, and the destination is a bare IP not associated with any declared publisher. The.pth mechanism converts what would be an import-time call into persistent host beaconing across every CI job, virtualenv activation, and script execution on the machine.