According to the described unusual IP values, which describes source IPs entering your network?

When inbound traffic is analyzed, you expect the source addresses to come from outside your network and be globally routable. If the source appears to be part of your own address space, or uses private address ranges, or is a loopback address, that is unusual for incoming traffic. Private addresses and loopback addresses aren’t routable on the public Internet, and seeing them as the source of packets entering your network strongly suggests spoofed traffic or a misconfiguration (such as NAT/VPN quirks or internal hosts masquerading as external sources). This makes the described inbound source IP values—within your network range, plus private and loopback addresses—the best descriptor of what’s considered unusual for source IPs entering your network. Other options describe destination addresses or outbound source behavior, which don’t capture the inbound anomaly.