---
source: newsletter
source_url: https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/
tags: [hackread, mistral-ai, security, vulnerability, repository-attack]
ingested: 2026-05-15
sha256: ed84bcfa790d
review_value: 7
review_confidence: 7
review_recommendation: strong
---
# Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
Published Time: 2026-05-12T22:18:09+01:00
Markdown Content:
[![Image 1: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 2: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
*   [Hacking News](https://hackread.com/category/data-breaches/hacking-news/)
    *   [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/)
    *   [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/)
    *   [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/)
*   [Technology](https://hackread.com/category/technology/)
    *   [Android](https://hackread.com/category/technology/android/)
    *   [Apple](https://hackread.com/category/technology/anews/)
    *   [Google](https://hackread.com/category/technology/gnews/)
    *   [Microsoft](https://hackread.com/category/technology/microsoft/)
    *   [Samsung](https://hackread.com/category/technology/samsung/)
    *   [3D](https://hackread.com/category/technology/3d/)
    *   [How To](https://hackread.com/category/how-to/)
    *   [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/)
        *   [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/)
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
    *   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
    *   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
*   [Security](https://hackread.com/category/security/)
    *   [Malware](https://hackread.com/category/security/malware/)
    *   [Censorship](https://hackread.com/category/cyber-events/censorship/)
    *   [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/)
*   [Crypto](https://hackread.com/category/cryptocurrency/)
    *   [Blockchain](https://hackread.com/category/blockchain/)
*   [Surveillance](https://hackread.com/category/surveillance/)
    *   [Drones](https://hackread.com/category/surveillance/drones/)
    *   [NSA](https://hackread.com/category/surveillance/nsa/)
    *   [Privacy](https://hackread.com/category/surveillance/privacy/)
*   [Gaming](https://hackread.com/category/gaming/)
*   [Submit Press Release](https://hackread.com/submit-press-release/)
[![Image 3: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 4: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
*   [Hacking News](https://hackread.com/category/data-breaches/hacking-news/)
    *   [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/)
    *   [WikiLeaks](https://hackread.com/category/data-breaches/hacking-news/wikileaks-affairs/)
    *   [Anonymous](https://hackread.com/category/data-breaches/hacking-news/anonymous/)
*   [Technology](https://hackread.com/category/technology/)
    *   [Android](https://hackread.com/category/technology/android/)
    *   [Apple](https://hackread.com/category/technology/anews/)
    *   [Google](https://hackread.com/category/technology/gnews/)
    *   [Microsoft](https://hackread.com/category/technology/microsoft/)
    *   [Samsung](https://hackread.com/category/technology/samsung/)
    *   [3D](https://hackread.com/category/technology/3d/)
    *   [How To](https://hackread.com/category/how-to/)
    *   [Artificial Intelligence](https://hackread.com/category/artificial-intelligence/)
        *   [Machine Learning](https://hackread.com/category/artificial-intelligence/machine-learning/)
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
    *   [Phishing Scam](https://hackread.com/category/latest-cyber-crime/phishing-scam/)
    *   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
*   [Security](https://hackread.com/category/security/)
    *   [Malware](https://hackread.com/category/security/malware/)
    *   [Censorship](https://hackread.com/category/cyber-events/censorship/)
    *   [Cyber Attacks](https://hackread.com/category/cyber-events/cyber-attacks-cyber-events/)
*   [Crypto](https://hackread.com/category/cryptocurrency/)
    *   [Blockchain](https://hackread.com/category/blockchain/)
*   [Surveillance](https://hackread.com/category/surveillance/)
    *   [Drones](https://hackread.com/category/surveillance/drones/)
    *   [NSA](https://hackread.com/category/surveillance/nsa/)
    *   [Privacy](https://hackread.com/category/surveillance/privacy/)
*   [Gaming](https://hackread.com/category/gaming/)
*   [Submit Press Release](https://hackread.com/submit-press-release/)
[![Image 5: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)[![Image 6: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo.png)](https://hackread.com/)
##### The Latest
![Image 7: Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS](https://hackread.com/wp-content/uploads/2026/05/fake-job-interview-jobstealer-malware-windows-macos-3-110x110.jpg)
[](https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/)
###### [Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS](https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/)
![Image 8: How Fintech APIs Are Modernizing Business Cash Flow Management](https://hackread.com/wp-content/uploads/2026/05/fintech-apis-modernize-business-cash-flow-management-110x110.jpg)
[](https://hackread.com/fintech-apis-modernize-business-cash-flow-management/)
###### [How Fintech APIs Are Modernizing Business Cash Flow Management](https://hackread.com/fintech-apis-modernize-business-cash-flow-management/)
![Image 9: FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit](https://hackread.com/wp-content/uploads/2026/05/famoussparrow-oil-gas-ms-exchange-server-exploit-110x110.jpg)
[](https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/)
###### [FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit](https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/)
![Image 10: China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage](https://hackread.com/wp-content/uploads/2026/05/chinatwill-typhoon-fake-apple-yahoo-sites-espionage-110x110.jpg)
[](https://hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/)
###### [China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage](https://hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/)
*   [Zyxel](https://hackread.com/tag/zyxel/)
*   [Zynga](https://hackread.com/tag/zynga/)
*   [Zyklon B hacker](https://hackread.com/tag/zyklon-b-hacker/)
*   [Zygote](https://hackread.com/tag/zygote/)
*   [Zurich Insurance Group](https://hackread.com/tag/zurich-insurance-group/)
*   [Zues Malware](https://hackread.com/tag/zues-malware/)
*   [Zues](https://hackread.com/tag/zues/)
*   [ZTNA](https://hackread.com/tag/ztna/)
*   [ZTA Gateways](https://hackread.com/tag/zta-gateways/)
*   [ZTA](https://hackread.com/tag/zta/)
![Image 11: Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended](https://hackread.com/wp-content/uploads/2026/05/canvas-hackers-shinyhunters-official-domain-suspended.png)
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
*   [Security](https://hackread.com/category/security/)
 ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site. 
[![Image 12](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=26&d=mm&r=g)by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas")
May 12, 2026
3 minute read
The notorious hacking group ShinyHunters, recently linked to the large-scale compromise and defacement of **[Instructure’s Canvas LMS](https://hackread.com/shinyhunters-instructure-canvas-lms-vimeo-data-breach/)** platform, claims its official clearnet domain has been suspended by the domain registry, fueling online speculation that the site may have been targeted following the group’s recent attacks.
The issue surfaced on Monday, May 11, 2026, when the group’s public-facing domain, `shinyhunte.rs`, suddenly went offline. Soon after, rumors spread across underground forums and social media platforms suggesting the domain may have been seized by law enforcement agencies, including speculation about possible FBI involvement.
The timing of the outage comes shortly after **[ShinyHunters](https://hackread.com/tag/ShinyHunters/)** claimed responsibility for attacks targeting Canvas LMS, a widely used learning management system adopted by universities and educational institutions worldwide.
### **Canvas LMS Attack**
Hackread.com previously **[reported](https://hackread.com/shinyhunters-defaces-canvas-lms-portal-universities-affected/)** on the cyberattack and confirmed that hundreds of universities experienced class disruptions following the Canvas LMS defacement incident.
The attack affected multiple universities globally, with compromised Canvas portals displaying a defacement message allegedly posted by ShinyHunters. The page included statements about the breach and threats to leak stolen data if ransom demands were not met.
[![Image 13: ShinyHunters Defaces Canvas LMS Portal, Thousands of Universities Affected](https://hackread.com/wp-content/uploads/2026/05/shinyhunters-defaces-canvas-lms-portal-universities-affected-1024x576.jpeg)](https://hackread.com/wp-content/uploads/2026/05/shinyhunters-defaces-canvas-lms-portal-universities-affected.jpeg)
Defacement message left by the ShinyHunters hacking group on the Canvas LMS portal (Image credit: Hackread.com)
Despite the attention surrounding the group’s clearnet website, the domain itself was used only for announcements and operational updates. Data leaks connected to the group’s previous **[Salesforce](https://hackread.com/shinyhunters-hackers-threat-stolen-salesforce-data/)** and Anodot-related breaches were hosted separately on a **[dark web](https://hackread.com/ad-fraud-dark-web-economy-market/)** (.onion) leak accessible through the Tor network.
[![Image 14: Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended](https://hackread.com/wp-content/uploads/2026/05/canvas-hackers-shinyhunters-official-domain-suspended-dark-web-1024x891.png)](https://hackread.com/wp-content/uploads/2026/05/canvas-hackers-shinyhunters-official-domain-suspended-dark-web.png)
homepage of the now-suspended domain of the ShinyHunters hackers (Image credit: Hackread.com)
At the time of writing, the group’s onion domain remains active, along with a notice stating “The domain shinyhunte.rs was suspended, it is not operated and owned by us anymore.”
The group also warned visitors not to trust the suspended domain in the future, claiming it could later be registered or reused by unrelated actors for malicious activity. “It may be reclaimed by unknown persons in the future for malicious use. We do not control shinyhunte.rs anymore; it has been suspended by the registry.”
ShinyHunters further stated that all future announcements and leak activity will now be conducted exclusively through its onion-based infrastructure. “We will operate at this onion domain only moving forward. Anyone claiming to be us anywhere is impersonating.”
[![Image 15: Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended](https://hackread.com/wp-content/uploads/2026/05/lms-canvas-hackers-shinyhunters-official-domain-suspended.png)](https://hackread.com/wp-content/uploads/2026/05/lms-canvas-hackers-shinyhunters-official-domain-suspended.png)
ShinyHunters’ announcement on its dark web site (Image credit: Hackread.com)
### **Understanding the .RS Domain**
The `.rs` domain is the country code top-level domain (ccTLD) assigned to Serbia. The abbreviation “RS” comes from “Republika Srbija,” meaning the Republic of Serbia. The namespace is managed by the Serbian National Internet Domain Registry, commonly known as RNIDS.
While [**domain suspensions**](https://hackread.com/dailystormer-booted-off-by-austrian-domain-registrar/) are not unusual in cases involving malware distribution, phishing, ransomware, or cybercrime operations, such actions generally require abuse complaints, supporting evidence, or requests from security organizations, hosting providers, CERT teams, or law enforcement agencies.
It remains unclear whether Serbian authorities or the registry itself acted independently, or whether the suspension followed requests or evidence submitted by foreign agencies investigating ShinyHunters’ recent activity.
At this stage, there is also no public evidence confirming that the domain was officially seized by the FBI or any other law enforcement body.
### **Moving Away From the Clearnet**
Although losing a domain can temporarily disrupt operations, cybercriminal groups often recover quickly by registering replacement domains under different extensions or relocating activity to **[decentralized infrastructure](https://hackread.com/web3-needs-decentralized-infrastructure-ipfs/)**.
However, ShinyHunters’ decision to abandon clearnet operations entirely and rely only on its onion-based platform suggests the group is becoming more cautious about operational security and exposure following increased public attention surrounding the Canvas LMS attacks.
Additionally, the group’s continued use of a Tor-based onion service makes disruption more difficult because onion domains operate outside the traditional DNS system managed by registries and ICANN-linked providers.
##### [Waqas](https://hackread.com/author/hackread/)
[![Image 16](https://secure.gravatar.com/avatar/3c971597535b97dcf1c986f945aa98a632225995095afc68c2a7c0dff262d639?s=80&d=mm&r=g)](https://hackread.com/author/hackread/)
 I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. 
[View Posts](https://hackread.com/author/hackread/)
*   [Canvas](https://hackread.com/tag/canvas/)
*   [Cyber Crime](https://hackread.com/tag/cyber-crime/)
*   [Cybersecurity](https://hackread.com/tag/cybersecurity/)
*   [data breach](https://hackread.com/tag/data-breach/)
*   [Domain](https://hackread.com/tag/domain-2/)
*   [Instructure](https://hackread.com/tag/instructure/)
*   [LMS](https://hackread.com/tag/lms/)
*   [Serbia](https://hackread.com/tag/serbia/)
*   [ShinyHunters](https://hackread.com/tag/shinyhunters/)
##### Leave a Reply [Cancel reply](https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/#respond)
Your email address will not be published.Required fields are marked *
Comment *
Name *
Email *
Website
Δ
View Comments (0)
##### Subscription Form
![Image 17: loader](https://hackread.com/wp-includes/images/spinner.gif)
Email Address*
FIRSTNAME
LASTNAME
##### Latest Posts
*   [Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS](https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/)
*   [How Fintech APIs Are Modernizing Business Cash Flow Management](https://hackread.com/fintech-apis-modernize-business-cash-flow-management/)
*   [FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit](https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/)
*   [China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage](https://hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/)
*   [TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack (Updated)](https://hackread.com/teampcp-mistral-ai-repositories-mini-shai-hulud-attack/)
##### PRESS RELEASE
*   
![Image 18](https://hackread.com/wp-content/uploads/2026/05/Lyrie_and_Anthropic_1778138816A1kmRs3pAH-80x80.jpg) [](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program](https://hackread.com/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 19](https://hackread.com/wp-content/uploads/2026/05/LuxSci_Secure_Email_Mid-Sized_PR_1777922928HSMMEp3uoy-80x80.jpg) [](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations](https://hackread.com/luxsci-launches-enterprise-grade-hipaa-compliant-email-security-for-mid-sized-healthcare-organizations/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 20](https://hackread.com/wp-content/uploads/2026/05/1200_700_1776732787DlSbx2MTHb-80x80.jpg) [](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations](https://hackread.com/criminal-ip-and-securonix-threatq-collaborate-to-enhance-threat-intelligence-operations/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 21](https://hackread.com/wp-content/uploads/2026/04/Picture1_1777442433Pk2kOwYHqu-80x80.jpg) [](https://hackread.com/brinker-introduces-a-novel-approach-to-deepfake-detection/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [Brinker Introduces a Novel Approach to Deepfake Detection](https://hackread.com/brinker-introduces-a-novel-approach-to-deepfake-detection/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
*   
![Image 22](https://hackread.com/wp-content/uploads/2026/04/BreachLock_Named_Representative_Vendor_in_2026_Gar_1776721618nJIDraNFL9-80x80.jpg) [](https://hackread.com/breachlock-named-representative-vendor-in-the-2026-gartner-market-guide-for-adversarial-exposure-validation/) 
    *   [Press Release](https://hackread.com/category/press-release/)
### [BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation](https://hackread.com/breachlock-named-representative-vendor-in-the-2026-gartner-market-guide-for-adversarial-exposure-validation/)
[by CyberNewswire](https://hackread.com/author/cybernewswire/ "View all posts by CyberNewswire")
##### Related Posts
*   [Leaks](https://hackread.com/category/data-breaches/hacking-news/leaks-affairs/)
*   [Privacy](https://hackread.com/category/surveillance/privacy/)
*   [Security](https://hackread.com/category/security/)
## [TOR Traffic Data leak Caused by Misconfigured Apache Servers](https://hackread.com/tor-traffic-data-leak-caused-by-misconfigured-apache-servers/)
 An unmodified default setting in Apache Web Servers revealed crucial details related to TOR traffic that passed through… 
[by Owais Sultan](https://hackread.com/author/owais/ "View all posts by Owais Sultan")
![Image 23: How Major SOCs Achieve Early Threat Detection in 3 Steps](https://hackread.com/wp-content/uploads/2025/09/how-major-socs-achieve-threat-detection-3-steps-5-260x195.jpg)
Read More
[](https://hackread.com/how-major-socs-achieve-threat-detection-3-steps/)
*   [Security](https://hackread.com/category/security/)
## [How Major SOCs Achieve Early Threat Detection in 3 Steps](https://hackread.com/how-major-socs-achieve-threat-detection-3-steps/)
 Every SOC leader understands that faster threat detection is better. But the difference between knowing it and building… 
[by Owais Sultan](https://hackread.com/author/owais/ "View all posts by Owais Sultan")
*   [Cyber Crime](https://hackread.com/category/latest-cyber-crime/)
## [Man whose DDoS attacks took down entire country’s Internet jailed](https://hackread.com/main-jailed-for-ddos-attacks-using-mirai-botnet/)
 A court in London has sentenced a British and Israeli cyber criminal Daniel Kaye aka “BestBuy and Popopret” to… 
[by Waqas](https://hackread.com/author/hackread/ "View all posts by Waqas")
![Image 24: Fake PoC Exploit Targets Cybersecurity Researchers with Malware](https://hackread.com/wp-content/uploads/2025/01/fake-poc-exploit-hit-cybersecurity-researchers-malware-1-260x195.jpg)
Read More
[](https://hackread.com/fake-poc-exploit-hit-cybersecurity-researchers-malware/)
*   [Security](https://hackread.com/category/security/)
*   [Malware](https://hackread.com/category/security/malware/)
*   [Scams and Fraud](https://hackread.com/category/latest-cyber-crime/scams-and-fraud/)
## [Fake PoC Exploit Targets Cybersecurity Researchers with Malware](https://hackread.com/fake-poc-exploit-hit-cybersecurity-researchers-malware/)
 A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can cause denial-of-service attacks. 
[by Deeba Ahmed](https://hackread.com/author/deeba/ "View all posts by Deeba Ahmed")
[![Image 25: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/)[![Image 26: Hackread - Cybersecurity News, Data Breaches, AI and More](https://hackread.com/wp-content/uploads/2023/08/Hackread-logo-footer.png)](https://hackread.com/)
 HACKREAD is a news platform that centers on Cybersecurity, AI, InfoSec, Cyber Crime and Hacking News with full-scale reviews on Crypto and Technology trends. Founded in 2011, HackRead is based in the United Kingdom. Copyright © 2026 HackRead 
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.
*   [About Us](https://hackread.com/about-us/)
*   [Our Team](https://hackread.com/team/)
*   [Contact Us](https://hackread.com/contact-us/)
*   [Our Mission](https://hackread.com/our-mission/)
*   [Privacy Policy](https://hackread.com/privacy-policy/)
[](https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/#top)