Looking for information about our urgent financial need for support to move our data center before May 26th 2020 and continue providing our public benefit services? Click here for the public announcement.
Looking for more information? Below are some of our most frequently asked questions. If your answer isn’t here, please contact us.
Yes. In fact, wherever possible, we like to work with the National CERT of each country. For those CERTs, we will provide country-level reports of any data we collect. This request is for a specific geographical area or TLD.
Yes, we can provide reports based on domain names (as opposed to ASN/CIDR/Country level), in instances where you have ownership of domains but not of a particular IP. Examples of reports that can be filtered on domain include Compromised Website reports and Accessible RDP reports. TLD-level reports are available for National CERTs and to the operating registries responsible for that TLD.
Here are a few tips for getting your reports set up quickly ... Full answer »
While we don’t guarantee a fixed response time, we are committed to responding as rapidly as possible and creating reports as swiftly as we can. It takes time to validate listed networks and verify contacts; when we have a question, we’ll email you. Normally, however, the queue for report creation is cleared out at least once a month; many times, sooner.
While most of our data is no more than 24 hours old, occasionally mistakes are made. We currently process approximately three to four billion events each day. Our systems are not bullet-proof, nor is our code without flaw. So, if you think there’s an issue, feel free to contact us. We’ll take a look and try to get it fixed.
We offer over 76 different reports, from activity like DDoS attacks and botnets to open Elasticsearch and MongoDB servers. You can see a full list of the reports we offer on the Network Reporting page.
We currently have a few types of delivery, depending upon your subscription for your area of responsibility. Full answer »
All reports are compressed by default due to the use of non-ASCII characters. Most mail systems can’t handle the special characters very well; most, in fact, will just drop the emails, so compression is one method of encapsulating the text from the mail systems.
However, this can cause an issue with border protections that prevent compressed files from being delivered. If you cannot receive compressed files, please let us know, and we can disable compression for your reports.
We run the reports every morning for the previous 24 hours, in UTC time. By default, our systems check your networks for each data area every time. The delivery frequency of reports will depend ... Full answer »
The available format for reports is comma separated variable (CSV) files. The timestamps in the reports are always represented in UTC+0.
PII includes information that can be used to distinguish or trace your identity, such as your name, birth date, and mother’s maiden name. Shadowserver does not collect PII through this website unless you submit it voluntarily. Full answer »
Shadowserver may share aggregated, non-personal information from time to time, such as the number of users who visited our website during a specific time period, their general geographic location, and other non-identifying data.
At Shadowserver, we believe in transparency and work to promote a culture of sharing across the Internet security community. But we aren’t reckless. The data we collect is protected. We make it available on a need-to-know basis, whether you’re an end-user or a national CSIRT. Full answer »
Shadowserver is an altruistic nonprofit working for the public good. Our funding comes from the sponsorships, grants, and charitable donations of those who share our vision for a more secure Internet.
You’re free to opt out at any time. To do so, email email@example.com and list the specific CIDRs you would like to have removed. (You’ll need to prove that you’re the verifiable owner of these CIDRs.)
We share most of the data that we collect each day, filtered by ASN, CIDR, Country Code, or TLD (all levels). We offer 76 different report types; you can subscribe to any or all of them. Full answer »
Please send an email to firstname.lastname@example.org if you need to add or remove recipients, add new CIDR/ASN space to your subscriptions, make a change to your organization’s name, or request another update. All administration for your subscription is carried out internally by Shadowserver staff.
Since our founding, Shadowserver has pioneered a radical shift in the global security community, in which governments and major organizations share what they know so that the Internet can become more secure. Full answer »
The Shadowserver Foundation is a registered 501(c)3 tax-exempt non-profit organization in the US (EIN: 26-2267933) and Stichting The Shadowserver Foundation Europe is a registered tax-exempt non-profit organization with public benefit status in The Netherlands (KvK Number 61199613).
You can verify an organization’s current 501(c)3 status on the IRS website.
Note that during the 2020 COVID-19 pandemic, the data returned by the IRS web search may not be up to date. If you receive an auto-revocation warning such as “Important note: Just because an organization appears on this list, it does not mean the organization is currently revoked, as they may have been reinstated” then you can check the current underlying source data in the IRS’s Exempt Organizations Business Master File Extract (EO BMF). Download the current state of California data and confirm the active 501(c)3 tax-exempt status there, since that master data is updated daily.