@John_Oster, I assume you have set up port forwarding to use ARC. Your ISP should really say “potential attack” since they block the suspicious IPs before it queried your modem. Nonetheless, open ports are frequently scanned by bots seeking vulnerabilities, but this doesn’t mean an “attack” is successful (the analogy is someone knocking on your front door and no one answers.)
No, I don’t use ARC. I figured it must be a broad attempt to find a port, but it’s odd the alert mentioned the Nucleus rather than my PC. I used the word “attack,” not my ISP.
Interesting, probably your router reports to your ISP what devices you have at specific private IP addresses, because how else would they know. It’s probably just the local device name of the IP address for which the router has a port forwarding rule enabled (for ARC), as the Nucleus Plus identifies under that name to the router’s local name service.