Good job researching those pesky brute force scans. Is there anyway you can post the complete list with all the data collected instead of just the top 50?
Nice analysis.<p>[advice for those not doing it right]: if your sshd config allows id/pw login, turn this off and only use kays. Also, move your sshd listener port to something besides 22 to eliminate most of the bot login attempts in your log files.
I wonder if the lack of root:alpine and mobile:dottie indicates the attack tools are smart enough to know the OS of the box they're attacking, or just a lack of interest in owning jailbroken iPhones?