Just trawling through my firewall logs this evening... as ya do... and I noticed a kackload of port scans appearing to be sourced from 202.162.73.2, which resolves to www.trademe.co.nz.
Digging deeper, it turns out I've been getting at least 1000 ports scanned daily from this IP since as far back as Dec 2016!
The scans are of seemingly random ports appearing to range from 1024 to 65536, some of which are repeat scans on the same ports.
Has anyone seen anything like this before? I'll probably report this to Trademe as to my eye this looks like a compromised host, but I figured I'd run it past you guys first in case anyone can think of another explanation.
All reasonable hypothesis considered!