Cyber Security News reports that LockBit 5.0’s infrastructure was leaked on X.com on December 5 by Rakesh Krishnan:
LockBit 5.0 key infrastructure exposed, revealing the IP address 205.185.116.233, and the domain karma0.xyz is hosting the ransomware group’s latest leak site.
According to researcher Rakesh Krishnan, hosted under AS53667 (PONYNET, operated by FranTech Solutions), a network frequently abused for illicit activities, the server displays a DDoS protection page branded with “LOCKBITS.5.0,” confirming its role in the group’s operations.
This operational security lapse arrives amid LockBit’s resurgence with enhanced malware capabilities.
Krishnan first publicized the findings on December 5, 2025, via X (formerly Twitter), noting the domain’s recent registration and direct ties to LockBit 5.0 activities.
The leak revealed the IP address: 205.185.116.233 and that it is hosted on the karma0[.]xyz domain.
Read Cyber Security News for more details about the infrastructure exposure. They encourage everyone to block that IP address and domain.
