![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 11%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
20,212 questions
Why do you think that this is an attack?
Knowing nothing about your environment and just "judging" on your screenshots...
Do you really need that SQL Service "Replay Agent"?
From everything I know this just looks like you are doing something on your server that wants to access something that is not running right now and cannot be started because of an security/permission issue.
According to this post
https://learn.microsoft.com/en-us/troubleshoot/windows-client/application-management/event-10016-logged-when-accessing-dcom
the errorid itself is nothing dangerous and on a first view "normal" (if you don't have such permissions)
your 4625 in combination with 10016 seems also to be normal because a login attempt was logged because it failed... in this scenario I would suggest it is a user that wants to start a specific service...
yes, in a compromised environment that might be an attacker, then your first point of connection should be GoDaddy and not a Microsoft Community Forum...
If it is a DDOS attack also contact GoDaddy as they are responsible for the underlying network infrastructure.
From my point of view: "Take a deeper look into your application, why and who is somebody trying to start regularly that "Distributed Replay Agent" and those permissions."
