I need some help.
One of our customers reported that the user 猀愀 tried to authenticate in a MS SQL Server database, as follows:
Problem here is that the Source IP detected (172.22.39.110) is the Qualys IP for this specific VLAN, as you can see:
Our default Option profile detects all kinds of vulnerabilities (no specific search list is used during scans) and passoword brute-forcing is disabled
And, for last, we don't recognize this username 猀愀, as all of our Qualys credentials are in English (we don't even speak Chinese, nor have any Chinese customer), so, question is:
Why in the Earth would Qualys try to log in with this user?? Is it a vulnerability or Policy check?