    Router Blocking Suspicious Connection

    Tcon
    #1
    2025-11-25, 03:51 AM
    So, I recently had fiber installed at my house and switched my Jellyfin server over to the new network, and at the same time, I got a new router. I encountered some issues because the ISP keeps the external IP address private unless you pay $10 a month for a public one. So, I had to have them assign me a public one. After that, Jellyfin started working, but I began receiving messages from my router stating that it had detected a suspicious remote location attempting to connect to my Jellyfin server and that it had been blocked. I've been getting this alert every few hours or so since Jellyfin went online. I don't recognize any of the IP addresses that have been blocked. My hope is that it is just odd behavior with how the ISP handles traffic and IP addresses that is causing the alerts. What do you guys think? Is it suspicious or anything to worry about?
    T-10
    #2
    2025-11-25, 02:53 PM
    Depends. If Jellyfin doesn't work after those messages, you're probably fine and it is your ISP being weird. However, if you never use anything like a VPN/Proxy to connect to anything, it might be an issue.
    I'm probably super unhelpful 🙃
    Duvel
    #3
    2025-11-25, 11:49 PM (This post was last modified: Yesterday, 12:22 AM by Duvel. Edited 8 times in total.)
    If you want correct answers, explain your config.
    Have you opened port 443 or something else? Where does your router forward the packets on your LAN? Do you have a reverse proxy after the router, or does it point directly to the local IP and port of Jellyfin?
    Do the mysterious visitors try to enter through your opened port(s), or others (closed)?

    If those IPs don't belong to you or family/friends, you can post them here. A quick lookup will show what they are, whether they are legit or whether they are known as malicious bots or attackers.

    On a side note, it is absolutely normal to be scanned/visited. Zillions of malicious bots running in datacenters are scanning worldwide internet infrastructure 24/7 to find and/or exploit weaknesses. And that's why you have to be protected if you open your ports and have a static IP or a domain name. Your router's firewall is the first line of defense. If it blocks unwanted traffic and warns you, that's a good thing.
    Tcon
    #4
    Yesterday, 04:43 AM
    I'm kinda new to all this stuff. I followed the instructions in this YouTube video (https://www.youtube.com/watch?v=AEyhpuWeiTk&t=1182s), but basically, I installed Caddy and used Duck DNS to host it. If I remember correctly, I opened ports 443, 80, and 2019. The router forwards the packets directly to these ports on my server. I can't see, or don't know how to see, the ports the mysterious visitor is trying to access. One of the IP addresses was 194.0.234.12. Thanks for the help!
    Duvel
    #5
    Yesterday, 09:10 AM (This post was last modified: Yesterday, 12:32 PM by Duvel. Edited 12 times in total.)
    (Yesterday, 04:43 AM)Tcon Wrote: I'm kinda new to all this stuff. I followed the instructions in this YouTube video (https://www.youtube.com/watch?v=AEyhpuWeiTk&t=1182s), but basically, I installed Caddy and used Duck DNS to host it. If I remember correctly, I opened ports 443, 80, and 2019. The router forwards the packets directly to these ports on my server. I can't see, or don't know how to see, the ports the mysterious visitor is trying to access. One of the IP addresses was 194.0.234.12. Thanks for the help!

    So this is a malicious bot 100%

    https://app.crowdsec.net/cti/194.0.234.12

    If you can't open the link, check my 2 images attached to see how nice it is :-)

    How it works: It targets domain names or IP addresses from a list or a sequence, and it scans specific ports or all possible ports, and tries to brute force login pages and/or exploit known vulnerabilities and/or exploit misconfigured things for direct injection of malware or later exploitation by a human or another bot. That's why it is important to regularly update your systems to patch security flaws.

    But as I said previously, this is normal stuff happening 24/7 to everyone, so don't panic.

    For everything it tries that is not on ports 443, 80 and 2019, you are covered by your router's firewall.
    For 80 and 443, which land on your reverse proxy, you have no protection on your router and rely on end-app security. Jellyfin is quite secure so it's OK. But if you want to better secure that part, installing a Crowdsec bouncer on Caddy would be a good idea. However, it's hard if you don't know anything. Learning curve is high.

    A minimum is to at least use on the Jellyfin machine a security component that detects and blocks brute force login attempts on your Jellyfin, like Fail2Ban, which reads your logs in real time to detect denied login attempts and blocks the offender's IP on your machine (iptables) after a certain threshold.

    I don't know what you do with port 2019 so I can't provide guidance for that one (maybe it's related to duckdns, I don't use it so I don't know and I haven't watched your video).

    To summarize... When you open your servers to the world, you are exposed and you have to learn what the dangers are, and even better to implement some security components. Hopefully there are plenty of good tutorials on the net 😉
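
The threshold detection that post #5 attributes to Fail2Ban, sketched in Python as an added example (not part of the original posts and not Fail2Ban's own code). The log line shape, the sample lines and the names `find_offenders`, `DENIED` and `INTERNAL` are assumptions made for illustration; it also flags the case where the logged "client" is an internal address, which behind a reverse proxy such as Caddy means the proxy itself would be banned.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed shape of a Jellyfin denied-login line; the samples below are constructed.
DENIED = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})[^\]]*\].*'
    r'Authentication request for .* has been denied \(IP: "?(?P<ip>[0-9a-fA-F:.]+)"?\)')
# LAN and loopback ranges: a "client" in here is really the reverse proxy.
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def _denied(ts, ip):
    """Build one constructed sample log line (not real server output)."""
    return (f'[{ts}.000 +00:00] [INF] UserManager: Authentication request '
            f'for "admin" has been denied (IP: "{ip}").')

SAMPLE_LOG = [
    _denied("2025-11-25 03:00:00", "198.51.100.20"),   # slow: one try every 2 h
    _denied("2025-11-25 03:51:02", "203.0.113.7"),     # burst of three
    _denied("2025-11-25 03:51:09", "203.0.113.7"),
    _denied("2025-11-25 03:52:30", "203.0.113.7"),
    "[2025-11-25 04:10:00.000 +00:00] [INF] Main: unrelated line",
    _denied("2025-11-25 05:00:00", "198.51.100.20"),
    _denied("2025-11-25 06:00:01", "192.168.1.10"),    # proxy address logged as client
    _denied("2025-11-25 06:00:02", "192.168.1.10"),
    _denied("2025-11-25 06:00:03", "192.168.1.10"),
    _denied("2025-11-25 07:00:00", "198.51.100.20"),
]

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each source IP with >= max_retry denials inside find_time to a verdict."""
    recent, verdicts = defaultdict(deque), {}
    for line in lines:                       # lines must be in chronological order
        m = DENIED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = ip_address(m["ip"])
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:    # drop denials older than the window
            window.popleft()
        if len(window) >= max_retry:
            # Banning an internal address would block every user behind the proxy.
            internal = any(ip in net for net in INTERNAL)
            verdicts[str(ip)] = "proxy-address" if internal else "ban"
    return verdicts

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

A `proxy-address` verdict means the application log is recording the reverse proxy instead of the real client, so the proxy has to forward the client address and Jellyfin has to be set to trust it before log-based banning is useful.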

