araknoid

I join this conversation even if it's very old because I'm in the same situation but I didn't panic and I have some data that can help a possible future reader in the analysis. I logged the IP address and found it's an updated pc (Win11) my son uses. He keeps many web pages open but being the son of a computer scientist he is quite attentive to security, he has an antivirus (free) always active. Virtually the only use he makes of his PC is to watch streaming video. The sites he uses therefore could have downloaded anything in javascript and HTML 5 on his PC. I don't know one or the other so I wonder if it can happen that a web page does background scans on the local network and specifically on ssh ports without the browser being asked for authorization. But wait, none of them, in my case the PC was running Avast antivirus that contains a Wifi Inspector. This enging scan your network to find problems and report to user abount devices unchanged default password or other misconfiguring security problem.