Tootfinder

Today's problem: #Debian on a LAN address, had been using it for a few weeks with Zoneminder and slskd running, attempted to install Nextcloud, so added Apache2 and php-fpm, the only mucking about I did, only today it triggers Fail2Ban on my proxy/dns server. On reboot, gets banned even before login is offered! clear the ban, it's back again within a minute.
nstreams shows six of these in a row, all to different 5-digit ports:
Unknown tcp traffic between 0.0.0.0:0 and 192.168.0.13:54320
whatever it is, however I triggered it, it is offensive to #fail2ban and #ufw.
to be fair, I was trying something funky with Nextcloud accessed directly within the lan, proxied by the dnsmasq server for outside, not as simple as I'd expected, but with all that turned off and no login, it still happens.
oh, wait: the proxy host has vhost forwarding config, which yes, was broken, and when I dissite'd that, I have not been banned since! I wonder if I will ever know why 😅
#ontothenextmystery