95.90.238.122 — Vodafone GmbH, DE — Very High (94%)

Check an IP Address, Domain Name, Subnet, or ASN

95.90.238.122 was found in our database!

Confidence Level

94%

Very High?

Geolocation

🇩🇪

GermanyBerlin

ISPVodafone GmbH

ASNAS3209

Activity Timeline

First seenFeb 18, 2026, 12:37 PM

Last seen14d ago

34Sessions

34Events

Protocol Breakdown

SSH

34 / 34

95.90.238.122 has a very high threat confidence level of 94%, originating from Berlin, Germany, on the Vodafone GmbH network (3209). It has been observed across 34 sessions targeting SSH, with detected attack patterns including ssh shell history tampering via environment reload, First observed on February 18, 2026, most recently active February 18, 2026.

Behaviors

Classified behavioral patterns observed

Ssh Shell History Tampering Via Environment Reload

high11x

Identifies an SSH session where the actor manipulates shell environment variables (such as HISTFILE, HISTSIZE, HISTCONTROL, or related variables) and reloads or reinitializes shell history in order to suppress, overwrite, or control command logging. The combination of explicitly setting environment variables and triggering a history reload indicates deliberate command history tampering rather than normal shell usage.

Primitives

Individual actions observed

Ssh W Logged In Users Enumeration23 Ssh Echo Shell Environment Variable16 Ssh History Environment Manipulation And Reload16 Ssh Which Command Resolution13

Related Threats

Explore related threat intelligence

🇩🇪More threats fromGermany ASMore threats fromVodafone GmbH SSHMore threats targetingSSH { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
178.27.90.142	100%	765
78.42.241.233	99%	278
109.91.4.177	100%	327
178.27.104.120	35%	3
188.195.253.194	39%	1

IP Address	Confidence	Events
87.106.147.36	100%	49,445
138.68.101.180	99%	211
89.163.204.62	89%	71,090
209.38.250.97	99%	187
46.101.211.145	99%	103