admin 2024-06-21—13:10:16
What user agents have been used to access AWS EKS the most in the past 10 days?
Dropzone
The most frequent user agents accessing AWS EKS over the past 10 days were identified as guardduty.amazonaws.com with 1920 accesses, followed by Boto3/1.34.48 md/Botocore#1.34.52 ua/2.0 os/macos#23.4.0 md/arch#arm64 lang/python#3.11.8 md/pyimpl#CPython cfg/retry-mode#legacy Botocore/1.34.52 with 153 accesses, and Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 with 28 accesses. This information was obtained through analysis of AWS EKS access logs over the specified period.
admin 2024-06-21—13:11:53
Which external IP addresses used the Mozilla user agent to access AWS EKS?
Dropzone
The external IP addresses identified as having used the Mozilla user agent to access AWS EKS include 184.22.146.165, 49.228.40.65, and 24.143.94.166. These IPs were pinpointed through analysis of AWS EKS access logs.
admin 2024-06-21—13:13:03
Have any of these 3 IP addresses also accessed Okta in the past 10 days?
Dropzone
The IP address 24.143.94.166 has been confirmed to have accessed Okta within the last 10 days, as indicated by Panther SIEM logs which recorded multiple events including user login, MFA authentication, and user session activities originating from this IP.
admin 2024-06-21—13:14:52
What is the location and reputation of this IP address?
Dropzone
The IP address 24.143.94.166, located in Seattle, Washington, US (postal code 98101), has been evaluated and found to be benign. It is not associated with any malicious activities, maintains a low abuse confidence score, and no security vendors have reported it as suspicious.