Scanning for AI Models, (Tue, Apr 14th)

ID: e6d8a8d5-5f75-520c-966d-5e0e715492ad

STIX ID: report--e6d8a8d5-5f75-520c-966d-5e0e715492ad

Feed Name: SANS ISC Diary

Threat Score: 50/100

Date Published: 2026-04-15

Date Updated: 2026-04-19

**Active scanning for AI model credentials detected** — Multiple DShield/ISC sensors report a single IP (81.168.83.103) actively scanning since late January 2026 and probing from March 10, 2026 for files and endpoints associated with AI models and credentials (e.g., /.openclaw/secrets.json, /.claude/.credentials.json, /.cache/huggingface/token, /openai/credentials.json). The report includes an ES|QL query used to extract hits, a timeline of ~52 queries between March 10–April 13, 2026, and links to IP reputation and related write-ups; this activity indicates reconnaissance aimed at harvesting AI-related secrets and tokens.