I have a Microsoft 365 Defender alert for "Activity from a password-spray associated IP address".
The address in question is "::1" which is a loopback address for Ipv6.
The activity was related to Microsoft exchange online.
I wanted to know why and how was a loopback address associated with this activity? What could have caused this issue and raised the alert !