logs contain thousands of “POST”

First I would like to say Thank you for this plugin! It appears to have significantly limited the amount of login attempts we used to get.

I am just curious, I am going through our logs and I see 5500+ “POST /xmlrpc.php” attemps from the same IP address in a 1 Hour time period. Closer inspection revealed a total of 4 incidents over a 2 week period where this happened from different IP addresses.
Why is the plugin not blocking these IP’s? I can see several instances in the same time period when there are 4 attempted logins and than they are blocked so I am confident the plugin worked in these instances.