Internet Background Radiation Reports

These reports are an experimental attempt to capture illicit portscans, worm and botnet activity, and intrusion attempts.

Digital Ocean Droplet: London - Port 23

This captures activity on the telnet port of a London-based Digital Ocean droplet. It captures logins, passwords, and then shell commands issued once logged in. These appear to consist almost exclusively of automated attacks, mostly by the Mirai botnet and/or variants thereof. There is, however, some diversity. In some cases, scripts are poorly written without timeout/retry limits. I am happy to be a sand trap!

Home broadband connection: Tucson, Arizona

This represents a standard Internet connection in the United States. iptables logs inbound connections on assorted ports listed in the /etc/services file. As no servers are hosted here, all of these represent portscans, worms and botnets, and intrusion attempts. In several cases, they represent scans by researchers. No attempt is made to ascertain the purpose or payload of such hits, some of which are (as in the case of researchers) benign.

These reports represent one day of activity (the previous day) and should be representative of what most people experience on their home Internet connections.