Today 2022-06-26: winbox attack from 45.71.115.59

Today is the first time I have seen a single IP address (45.71.115.59) trying to connect to thousands of IPs to brute-force the login on the Winbox service…
Not just a range, but thousands of IP addresses from dozens of distant pools of different AS…

Hope no one has left the Winbox service open on the WAN side :laughing:

But why do you have winbox open to unknown IPs? 0o

> that tries to connect

Just log attempts, not open service/port :wink:

It is the first time I see the same IP everywhere… :unamused:

IMHO, that means some script kid logged in. Nothing other than a step backwards in terms of attack quality. Everyone has known for ages that attacking too many targets from a single IP is a stupid thing to do.

Or the attack is a reverse one - someone wants that single address to get blacklisted, so it spoofs that address as a source of SYN packets actually sent from somewhere else to make people take action against it. Not every ISP uses source filtering to prevent spoofing.

I’m not saying it definitely is the case, I’m just saying that’s one of the possible explanations.

Thanks @sindy, I am not taking any action against that IP, it is useless, but your point of view is what I now also think…