I confirmed that when I force a login to the router's LAN IPv6 address, the IP shown in the Security Update Notification is the IPv4 representation of the last 32 bits of my client's IPv6 SLAAC address. 95ca:96e9 became 149.202.150.233.
What confuses things is the failed logins. I use a password safe and haven't got it wrong in months, maybe years.
I think we can put this to bed. You've shown the cause of the weird IPs and that is accepted. The mystery file is accepted to.
I'm rebuilding now with a new ssd, hopefully my woes are over.
Thanks for all the input guys, and sorry for stamping all over this thread. Maybe all this has provided answers for the other posters, it's certainly educated me
