Hi,

I have a Microsoft 365 Defender alert for "Activity from a password-spray associated IP address".

The address in question is "::1" which is a loopback address for Ipv6.

The activity was related to Microsoft exchange online.

I wanted to know why and how was a loopback address associated with this activity? What could have caused this issue and raised the alert !