Did the January 2026 fritz.box DNS hijack expose my device to malware or security threats?
On January 22, 2026, network administrators and users observed a critical anomaly concerning the fritz.box domain. While typically reserved for local router configuration, public DNS queries for this domain unexpectedly resolved to an external IP address: 91.195.240.12.
This redirection stemmed from a domain registration lapse. Whois records confirm the domain registration expired on that date. Consequently, public name servers stopped returning the standard NXDOMAIN (non-existent domain) response and began routing traffic to a potentially malicious endpoint.
Technical Breakdown: Local vs. Public Resolution
Understanding how your device resolves DNS queries clarifies your actual risk level.
Local Network Access (Safe)
If you accessed fritz.box while connected to your home Wi-Fi (behind a FRITZ!Box 7590 or similar), your traffic likely remained secure. Your router answers the DNS query for this name itself, before the request reaches the public internet, and resolves it directly to the FRITZ!OS user interface (UI).
External Network Access (Compromised)
If you accessed the URL via a mobile data connection or an external network, your device queried public DNS servers. These servers identified the expired domain and directed the browser to 91.195.240.12. Users reported browser warnings stating, “The content of the page cannot be displayed,” or encountered connection timeouts.
Security Assessment and Risk Factors
The redirection to IP 91.195.240.12 warrants caution. Security analysis tools, including VirusTotal, flagged this IP address with negative reputation scores as of January 22, 2026.
- Malware Potential: Redirecting trusted domains to third-party IPs is a common vector for distributing malware or phishing for credentials.
- Historical Context: A similar incident occurred in January 2024, where the domain briefly displayed an NFT gallery. While that instance was benign, the lack of control over the domain presents a recurring vulnerability for users relying on public resolution.
Official Resolution and Current Status
As of 11:30 PM on January 22, 2026, the issue is resolved. FRITZ GmbH (formerly AVM) regained control of the domain configuration.
Manufacturer Statement
The press department of FRITZ GmbH confirmed the outage was brief. They attributed the error to an incorrect IP address registration with the registrar of the .box top-level domain. They reiterated that the fritz.box domain is intended for internal home network use, which remained functional throughout the incident. The external “general information page” usually hosted on this domain is now restored and safe to visit.
Advisor Recommendation
Always verify you are connected to your local network before entering router configuration URLs. If you encounter unexpected external pages when attempting to manage your network equipment, disconnect immediately and scan your device for malware.
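The local-versus-public distinction above can be checked before any router password is typed. The following is an added example, not code from FRITZ GmbH or from the original article: it resolves fritz.box through the system resolver and reports whether the answer is a private (home network) address or a public one such as 91.195.240.12. The function names are hypothetical, and 192.168.178.1 in the comments is a constructed sample of a private address.

```python
import ipaddress
import socket


def resolve(host):
    """Ask the system resolver; return a sorted list of unique IP strings."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []  # NXDOMAIN, or no resolver reachable
    # sockaddr[0] is the address; drop any IPv6 zone id ("fe80::1%eth0")
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(addresses):
    """Return 'local', 'public', 'mixed' or 'unresolved' for a list of IPs."""
    if not addresses:
        return "unresolved"
    private = [ipaddress.ip_address(a).is_private for a in addresses]
    if all(private):
        return "local"    # e.g. 192.168.178.1 (constructed sample)
    if not any(private):
        return "public"   # e.g. 91.195.240.12, the address named in the article
    return "mixed"        # some answers local, some public: treat as unsafe


def safe_to_enter_credentials(addresses):
    """Only an all-private answer means the name was resolved inside the LAN."""
    return classify(addresses) == "local"


if __name__ == "__main__":
    addrs = resolve("fritz.box")
    verdict = classify(addrs)
    print(f"fritz.box -> {addrs or 'no answer'} ({verdict})")
    if not safe_to_enter_credentials(addrs):
        print("Name was not answered by the local network; do not log in.")
```

A private answer shows only that the name was resolved inside the local network; it does not by itself prove that the responding device is your router.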