Subscribe to Reports
Complete the form below to request free, detailed, relevant, daily remediation reports about the state of your networks. We’ll evaluate your request and follow up with you. There is no charge for this service.
Common Questions
We share most of the data that we collect each day, filtered by ASN, CIDR, Country Code, or TLD (all levels). We offer 76 different report types; you can subscribe to any or all of them. Full answer »
How can I edit or update my subscription?
Please send an email to report_admin@shadowserver.org if you need to add or remove recipients, add new CIDR/ASN space to your subscriptions, make a change to your organization’s name, or request another update. All administration for your subscription is carried out internally by Shadowserver staff.
How are reports formatted?
The available format for reports is comma separated variable (CSV) files. The timestamps in the reports are always represented in UTC+0.
We run the reports every morning for the previous 24 hours, in UTC time. By default, our systems check your networks for each data area every time. The delivery frequency of reports will depend ... Full answer »
Are reports compressed?
All reports are compressed by default due to the use of non-ASCII characters. Most mail systems can’t handle the special characters very well; most, in fact, will just drop the emails, so compression is one method of encapsulating the text from the mail systems.
However, this can cause an issue with border protections that prevent compressed files from being delivered. If you cannot receive compressed files, please let us know, and we can disable compression for your reports.
We currently have a few types of delivery, depending upon your subscription for your area of responsibility. Full answer »
What types of reports do you offer?
We offer over 76 different reports, from activity like DDoS attacks and botnets to open Elasticsearch and MongoDB servers. You can see a full list of the reports we offer on the Network Reporting page.
What do I do if I receive a false positive?
While most of our data is no more than 24 hours old, occasionally mistakes are made. We currently process approximately three to four billion events each day. Our systems are not bullet-proof, nor is our code without flaw. So, if you think there’s an issue, feel free to contact us. We’ll take a look and try to get it fixed.
How long does it take to create the reports (when will you respond to me)?
While we don’t guarantee a fixed response time, we are committed to responding as rapidly as possible and creating reports as swiftly as we can. It takes time to validate listed networks and verify contacts; when we have a question, we’ll email you. Normally, however, the queue for report creation is cleared out at least once a month; many times, sooner.
Here are a few tips for getting your reports set up quickly ... Full answer »
Can you provide reports based on domain names?
Yes, we can provide reports based on domain names (as opposed to ASN/CIDR/Country level), in instances where you have ownership of domains but not of a particular IP. Examples of reports that can be filtered on domain include Compromised Website reports and Accessible RDP reports. TLD-level reports are available for National CERTs and to the operating registries responsible for that TLD.
Do you provide reports to national CERTs?
Yes. In fact, wherever possible, we like to work with the National CERT of each country. For those CERTs, we will provide country-level reports of any data we collect. This request is for a specific geographical area or TLD.
Help us make the Internet more secure
Shadowserver offers all services free of charge, for public benefit. We don’t sell data. Our revenue comes from sponsorships, grants, and charitable donations.