Ohh! now it makes way more sense! thanks heaps for this clarification! you really deserve cookies (or internetz or kudos or whatever currency you like)!I think maybe I didn't state this entirely clearly.
vsThere was a version 6.42.5
It is confirmed that this was another case of hacked router due to a insecure firewall configuration in combination with old RouterOS version
/interface ethernet export or /interface ethernet poe export