Today is the first time I see a single IP address (45.71.115.59) that tries to connect to thousands of IPs to try to bruteforce login on the winbox service...
Not just a range, but thousands of IP addresses from dozens of distant pools of different AS...
Hope no one has left Winbox service open on the WAN side