Could it be that something on your computer has initiated it and uPNP has added the forwarding?

@pjmarsh Thanks for the reply and yes I am beginning to think that is what is happening. Tried looking through Event viewer at all tcpip entries around the date stamp shown in the firewall log but nothing is showing at all. I need to find a way to log the connection details so I can see what is initiating the connection on my PC. Is there a way to set up a log of all uPNP connections? If I could continually log uPNP connects then I might catch an instance of the dodgy connection and hopefully I'll have a fighting chance of finding out what is initiating it. Anyone know how I go about this?

EDIT - Also what I don't get is why, if it the connection is being initiated from my PC, is it classed as an 'IN' connection on the firewall log and not an 'OUT'?

To start with If you haven't already, I'd be setting up a Windows firewall rule to block that IP (range) in both directions and then check the Windows firewall log at regular intervals. Do you need Upnp on? If not, I'd turn that off (assuming you can - I don't use the plusnet router). Once all that's done, I'd then be running a malwarebytes check, plus another AV product to scan the entire system.

@grahamn Will have a look at blocking IP through Windows firewall - I hadn't thought of that so thanks.. That should provide some protection but I have read that if this is a determined attacker they will just spoof their IP but it feels like its definitely worth a try. I did think about turning off uPNP but wasn't sure if I needed it on or not. I guess the simple answer is if I don't know then I probably don't! Gonna turn that off too and see what happens. 😲 Thanks again for the reply!