The DNS Threat Landscape December 2025: A Three-month Lookback
ID: 5bcb89a8-bc3d-578d-9da4-67f50e5c505e
STIX ID: report--5bcb89a8-bc3d-578d-9da4-67f50e5c505e
Feed Name: Infoblox Blog
Infoblox’s Q4 2025 DNS threat landscape report details a growing DNS-based threat ecosystem: over 7.6 million new threat domains discovered (20% QoQ increase), extensive use of DGAs, lookalike domains, tunneling and traffic distribution systems, and multiple active actors. Key findings include Detour Dog’s DNS TXT-based C2 and Strela Stealer distribution, Vault Viper’s Universe Browser/installer with RAT-like capabilities and links to organized crime and iGaming fraud, widespread ClickFix social-engineering abuse of built-in OS tools, and high volumes of zero-day domains detected preemptively—underscoring the need for DNS-based defensive controls during seasonal spikes.
