260/69 Thursday, May 14, 2026
The cybercriminal group ShinyHunters has announced that its public-facing domain, “shinyhunte.rs,” has been suspended following increased attention surrounding the group’s attacks and website defacements involving Canvas LMS platforms used by universities and educational institutions worldwide. The domain reportedly became inaccessible on May 11, 2026, sparking speculation across underground forums and social media that the suspension may be linked to law enforcement activity, including theories suggesting a possible FBI seizure, although no official confirmation has been released.
Earlier, ShinyHunters claimed responsibility for attacks targeting Canvas LMS environments affecting multiple universities globally. Compromised systems reportedly displayed defacement messages referencing data leaks and ransom demands. However, the group stated that the shinyhunte.rs domain was used solely for publishing announcements and operational updates, while leaked data associated with incidents such as the Salesforce and Anodot breaches were distributed separately through Tor-based onion sites. In a recent statement posted on its onion domain, the group claimed that “the shinyhunte.rs domain has been suspended and is no longer under the group’s control,” while warning that the domain could potentially be reused by other parties for malicious purposes in the future.
ShinyHunters further stated that it intends to migrate all future operations entirely to Onion Service infrastructure on the Tor network, reflecting an effort to improve operational security and reduce exposure to tracking through conventional internet infrastructure. The “.rs” domain is Serbia’s country-code top-level domain and is managed by the Serbian National Internet Domain Registry (RNIDS). At present, there is no confirmation whether the suspension resulted from action by Serbian authorities or requests from international law enforcement agencies. Security experts note that a transition to Tor-based infrastructure could make future tracking and takedown efforts significantly more difficult, as Onion Services do not rely on traditional DNS systems or standard ICANN-governed infrastructure.
Source https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/