What is this? "local or remote attacker: 2"

Norton Security | Norton Internet Security
1

Hi community,

This is showing up in my security history...

IPS Detection Statistical Submission,"Signature ID: 12041  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 50698  <br>Protocol: 6  <br>Signature Set Version: 20240404.064  <br>Application Name: \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE  <br>Offending URL: http://151.139.63.102/filestreamingservice/files/0508a153-c673-4c91-9a73-ef4371d238f4?P1=1712277878&P2=404&P3=2&P4=BzbknCGRkByDJdvcvGYpbrpPg6QYqaCfnbCIu7ETx%2fsKCd1KhKCstOjLx3klIviLRPYdd9Mt7YJivIqu%2fuiTog%3d%3d&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com  <br>Date Detected: Fri, 05 Apr 2024 00:35:30 GMT  

This is one of many varying ISP submissions logged in my Security History, even after a clean install and password reset with Norton and scan with Malwarebytes. Norton chat teams transferred me to 6 people and no one could tell me what's going on.

Appreciate any insights.


 

2

@the-smiths-hsin Just following up to see what your status is with the original issue, and if we can assist further.

SA

3

You're most welcome!!

SA

4

Thank you SA

 

5

All: The IP that was posted resolved to Georgia in the Atlanta area at one of Stackpath cloud services. The firm belongs to Stackpath which is based in Texas.

https://www.ip-tracker.org/lookup.php?ip=151.139.63.102

Since you stated you are getting other ISP/IP submissions as well you should also have a look at your router and whether it has the latest firmware. There are also logs within the router interface which should have the information regarding what you are seeing. You may also want to do a factory reset on your router or ISP device to ensure it hasn't been compromised. Changing all default login credentials and passwords.

SA

 

6

Thanks bjm_

I installed Malwarebytes after the clean install and the result was clean. Thanks for the tip about free 1:1 help.

7

Were my machine and I wanted reassurance.
I'd ask Malwarebytes Malware Removal Help Forums to check my machine.  

Malwarebytes offers free second opinion on-demand scanner. 
Malwarebytes offers free self-help guides. 
Malwarebytes offers free one-on-one malware removal assistance.
Malwarebytes staff & experts help all.  Malwarebytes subscription is not required. 

Malware Removal Help Forums dedicated to cleaning infected devices. Get personalized help removing adware, malware, spyware, ransomware, trojans, viruses and more from tech experts. Follow the instructions in the pinned topics first. All assistance here is used at your own risk and we take no responsibility should there be damage to the system in question.

8

Thanks bjm_

Norton agents couldn't relay any of this information or say one way or another if there's a risk after hours spent chatting with multiple people who kept asking the same questions.

9

fwiw ~
IPS Detection Statistical Submissions are Norton Community Watch submissions.  
for example: 
https://community.norton.com/en/comment/8531331#comment-8531331

```````````````````````````````````````````````````

http://151.139.63.102/filestreamingservice/files/0508a153-c673-4c91-9a73...

png_18887_0.png

https://www.virustotal.com/gui/ip-address/151.139.63.102/relations