Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks


Group Nova
Discovered 2026-07-17 01:32 UTC
Est. attack date 2026-07-17
Country CA
Duplicate Entry
This victim has been identified as a duplicate of another entry in our database. However, this may not always be the case: the same organization can be targeted multiple times by the same or different ransomware groups, which may result in separate legitimate entries. Search for related entries

Description:

PHI Studio focuses its activities on the presentation and curation of immersive works in virtual reality (VR), augmented reality (AR) and extended reality (XR). Recognized locally and internationally for its innovative production approach, technical expertise and achievements in new forms of storytelling, PHI Studio collaborates with major global industry players and has worked on many award-winning projects, with international presentations in New York, Tokyo, Venice, Frankfurt, Luxembourg and Salt Lake City, among others. As a pioneer in interactive experiences, PHI Studio pushes the boundaries of immersive projects, with a focus on enhancing the visitor experience through a keen sense of detail and the elaboration of high-quality scenography. With a reputation for close collaborations with artists, creators, directors and producers from different backgrounds, PHI Studio aspires to be a catalyst of innovation, supporting the development of present and future talent - Nova Provide tree and samples from stolen data to the company when its get in touch with support department.

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusegodaddy.com
  • domainsphi.ca
  • it_admindhc-ltd.com
MX Records
  • alt1.aspmx.l.google.com. Google Workspace
  • alt2.aspmx.l.google.com. Google Workspace
  • aspmx.l.google.com. Google Workspace
  • alt3.aspmx.l.google.com. Google Workspace
  • alt4.aspmx.l.google.com. Google Workspace
TXT Records
  • miro-verification=44902bc06aaf7b5e6e184878ecc4e2c636713686
  • v=spf1 ip4:168.245.0.78 include:mailgun.org include:_spf.mlsend.com include:_spf.phi.ca ~all
  • MS=ms14170231
  • asv=7cf60f27a517817105cdbda287d11b0e
  • facebook-domain-verification=bswllsldbxa8vqerxmib2pkyfx2io3
  • fbworkplace=phi
  • google-site-verification=TSKigO3HN_TAZypVQwxwuvo7hnrikVJeX9w4-fhKo5k
  • google-site-verification=aj86J7CCV9X53VjTjrHYDQYdwI8v4FNc7Puhoclsl7o
  • mailerlite-domain-verification=33b0cfaf231817a8d11ffc4f9561a10937bd9cb9
  • mailerlite-domain-verification=789b194140c6f7669de0fa502239f13cbb4fc656
Cloud / SaaS Services Detected
Microsoft 365 Miro Mailgun

Leak Screenshot:

Leak Screenshot