The situation appears to be missing some details, but it looks like you have a resource that is attempting to access this website's sensitive webpages. The port 52520 is rarely used. My best guess is your webserver has been compromised by a bad actor and is being used without your authorization. I recommend terminating the server and remaking it while securing your ports to your own private IP address. If you have any previous snapshots from before those might be useful to utilize in this situation.
If you would like to dive deeper I would suggest moving this webserver to a secured VPC without internet traffic for further analysis. Check your CloudWatch metrics for abnormalities. As a safe precaution I recommend rotating your access keys and make sure you have Multi-factor Authentication enabled on all of your users (including root).
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago