
Log Explorer

Fact drill-down for 20.221.71.226
Risk: 3 (LOW) | Scope: All time | All-time facts: 46 | In-scope: 46 | Filtered: 46 | Seen: 2025-02-23 to 2026-02-01

Annotated access events

Showing page 1 / 1 — total 46 rows
# 2026-02-01 13:02:16 event 35953734 GET 500 bytes 11799
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-02-01 13:02:16 event 35953734 GET 500 bytes 11799
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-02-01 13:02:16 event 35953734 GET 500 bytes 11799
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-01-23 14:10:55 event 27132499 GET 404 bytes 7123
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-01-23 14:10:55 event 27132499 GET 404 bytes 7123
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-01-23 14:10:55 event 27132499 GET 404 bytes 7123
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2026-01-22 04:36:02 event 25605580 GET 404 bytes 7120
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 17:29:23 event 7989196 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 17:29:23 event 7989196 GET 404 bytes 7897
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 17:29:23 event 7989196 GET 404 bytes 7897
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 16:00:58 event 7949311 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 16:00:58 event 7949311 GET 404 bytes 7897
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 16:00:58 event 7949311 GET 404 bytes 7897
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 02:59:15 event 7609928 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 02:59:15 event 7609928 GET 404 bytes 7898
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-24 02:59:15 event 7609928 GET 404 bytes 7898
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-20 10:48:41 event 7432624 GET 404 bytes 7896
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-20 08:58:08 event 7386891 GET 404 bytes 7894
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-19 19:26:16 event 7031685 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-19 19:26:16 event 7031685 GET 404 bytes 7897
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-19 19:26:16 event 7031685 GET 404 bytes 7897
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-04 21:56:12 event 6006999 GET 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-04 21:56:12 event 6006999 GET 404 bytes 7899
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-04 21:56:12 event 6006999 GET 404 bytes 7899
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-01 16:35:40 event 3944311 GET 404 bytes 7897
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-01 16:35:40 event 3944311 GET 404 bytes 7897
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-04-01 16:35:40 event 3944311 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-26 02:27:17 event 3832072 GET 404 bytes 7896
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-26 02:27:17 event 3832072 GET 404 bytes 7896
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-26 02:27:17 event 3832072 GET 404 bytes 7896
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-21 03:34:30 event 5423153 GET 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-21 03:34:30 event 5423153 GET 404 bytes 7900
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-21 03:34:30 event 5423153 GET 404 bytes 7900
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-17 11:54:16 event 3578776 GET 404 bytes 7903
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-17 11:54:16 event 3578775 GET 404 bytes 7903
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-14 20:16:12 event 4343382 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-11 02:37:02 event 3500100 GET 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-11 02:37:02 event 3500100 GET 404 bytes 7900
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-03-11 02:37:02 event 3500100 GET 404 bytes 7900
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/logon.aspx
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930895 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930894 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930895 GET 404 bytes 7898
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930895 GET 404 bytes 7898
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930894 GET 404 bytes 7898
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-25 04:35:46 event 2930894 GET 404 bytes 7898
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot) expand
url
/owa/auth/x.js
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)
# 2025-02-23 07:08:27 event 4227374 GET 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 zgrab/0.x
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
referer
-
UA
Mozilla/5.0 zgrab/0.x
summary
event observed
details
subnet
20.221.71.0/24
asn
8075 — Microsoft Corporation
geo
United States, Iowa, Des Moines
org
Microsoft Azure Cloud (centralus)