Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo gbaco.com

Group: Lynx

Discovered by ransomware.live: 2026-02-17

Estimated attack date: 2026-02-17

Country: GB

Description:

GOFF BACKA ALFERA & COMPANY, LLC is a full-service public accounting and consulting firm serving clients locally, nationally and internationally. Our firm ranks among the top firms in the nation and has been voted by its employees as one of the top 25 places to work in the region. We take pride in providing the highest quality of services to our clients and our memberships in the AICPA's Employee Benefit Plan Audit Quality Center, Center for Public Company Audit Firms and Governmental Audit Quality Center assist our professional staff in achieving this ultimate goal. Our professionals are active leaders and members of numerous professional, educational and community organizations. Our specialized service groups, combined with our client relationship partner and manager structure, are designed to provide our clients with the highest value and technical expertise available without sacrificing the personalized service that is our trademark. In addition to the personal attention our client


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • mx1-us1.ppe-hosted.com.
  • mx2-us1.ppe-hosted.com.
TXT Records
  • google-site-verification=m-9fxve9EASOLs-2cUyDjQ7ERXWmixguc7GfNK9YFCE
  • duo_sso_verification=8GUSTOroAaAYZzFkgVlUE6FRk2hbWto7nqCoc051RKPjyzu9qbB62TPikiTx0AKo
  • v=spf1 ip4:173.13.37.25 ip4:50.217.234.110 ip4:50.217.234.123 a:dispatch-us.ppe-hosted.com include:spf.protection.outlook.com ~all
  • MS=ms83023969
  • ppe-931485f71e2f931deb020391ce80eec405e49094
Cloud / SaaS Services Detected
Microsoft 365 Cisco Duo Proofpoint Essentials

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.