Here are 2 examples - got an email alert that this IP attempted a login using admin.
From Website logs:
184.173.116.98-static.reverse.softlayer.com - - [11/Jun/2014:11:33:40 -0400] "POST /wp-login.php HTTP/1.0" 200 1763 "http://www.google.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.14"
Email Alert:
The last username they tried to sign in with was: 'admin'
User IP: 184.173.116.98
User hostname: 184.173.116.98-static.reverse.softlayer.com
-------
On another WP website:
contour.websitewelcome.com - - [11/Jun/2014:11:33:38 -0400] "POST /wp-login.php HTTP/1.0" 200 1763 "http://www.google.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.14"
Email Alert:
The last username they tried to sign in with was: 'admin'
User IP: 192.185.12.182
User hostname: contour.websitewelcome.com
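
An added example, not part of the original post: a small log correlator that flags `POST /wp-login.php` requests sharing one user-agent/referer/protocol fingerprint across two or more sites within a short window, as the two quoted lines do. The site labels, the five-minute window, the function names and the extra GET line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format, as in the two lines quoted in the post.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# wp-login lines are copied from the post; site labels and the GET line are constructed.
SAMPLE = {
    "site-a": [
        '184.173.116.98-static.reverse.softlayer.com - - [11/Jun/2014:11:33:40 -0400] "POST /wp-login.php HTTP/1.0" 200 1763 "http://www.google.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.14"',
        '203.0.113.7 - - [11/Jun/2014:11:35:02 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    ],
    "site-b": [
        'contour.websitewelcome.com - - [11/Jun/2014:11:33:38 -0400] "POST /wp-login.php HTTP/1.0" 200 1763 "http://www.google.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.14"',
    ],
}

def parse(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def shared_login_fingerprints(lines_by_site, window=timedelta(minutes=5)):
    """Map each (agent, referer, proto) fingerprint seen in wp-login POSTs on
    two different sites within `window` to the sorted client hosts using it."""
    seen = defaultdict(list)
    for site, lines in lines_by_site.items():
        for rec in filter(None, map(parse, lines)):
            if rec["method"] == "POST" and rec["path"].startswith("/wp-login.php"):
                fp = (rec["agent"], rec["referer"], rec["proto"])
                seen[fp].append((rec["ts"], site, rec["host"]))
    hits = {}
    for fp, events in seen.items():
        events.sort(key=lambda e: e[0])
        for i, (t1, s1, _) in enumerate(events):
            if any(s2 != s1 and t2 - t1 <= window for t2, s2, _ in events[i + 1:]):
                hits[fp] = sorted({h for _, _, h in events})
                break
    return hits
```

Calling `shared_login_fingerprints(SAMPLE)` returns one fingerprint listing both client hostnames; the matching hosts can then feed a block list or a rate limit on `/wp-login.php`.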