My FTP server logs login failures.  This directory contains a list of
such failures extracted from my logs, updated nightly.  There are two
kinds of files: `live' files and `historic' files, I might call them.
My scripts generate live files, each of which represents data for one
month (Gregorian); the filename is of the form YEAR-MONTH, a la
"%04d-%02d", eg 2024-02 for February 2024.  When I notice
(approximately once a year), I roll the 12 files for a single year into
a single file, named after the year.

Each file contains one line per failure; each line contains a timestamp
(in UTC, of the beginning of the connection), the address and port of
the FTP client, and the login and password attempted.

There are two possibly useful aspects of this data.

One is that these passwords are known to be attempted in the wild; if
you're using any of them I strongly recommend you switch to something
less guessable.  (I'm not sure how useful the attempted usernames are.)

The other is that the hosts are known to have attempted to break into
my FTP server; if any of them are in your netblock I strongly recommend
you look into them as likely compromised, especially if the timestamp
is relatively recent.