Infoblox Threat Intel

Reckless Rabbit

Reckless Rabbit is a highly sophisticated threat actor behind large-scale investment scams. It lures users with targeted social media ads and fake celebrity-endorsed news pages, and then collects personal data through embedded forms.

The operation employs registered domain generation algorithms (RDGAs) and wildcard DNS to create millions of domains, obscuring detection and analysis. Through traffic distribution systems (TDSs), visitors are redirected based on geolocation and device profile, often showing decoy content to researchers.

Its campaigns are highly localized, adjusting language and branding to fit regional contexts. This combination of technical evasion and social engineering makes Reckless Rabbit a global scam threat.

Reckless Rabbit

Operating since: At least April 2024
Infoblox discovered: July 2024
Infoblox published: April 2025
Prevalence: Uncommon

Threat actor resources

Blog

Infoblox Threat Intel
April 28, 2025

Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams

Dive into the similarities among large-scale investment scams and learn how DNS abuse fuels this billion-dollar industry.

Infoblox Threat Intel

Reckless Rabbit

Threat actor resources

Blog

Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams

Products

Solutions

Company

Resources

Get Infoblox Email Updates