Free Threat Feeds

Shadowserver’s new daily reports as part of the VARIoT project

The following new daily reports are sent out to 132 National CSIRTs across 173 countries and territories and 6000+ organizations worldwide in Shadowserver free daily feeds as part of the VARIoT project:

New IoT scan types and reports

Accessible AMQP Report

Accessible CoAP Report

Open IPP Report

Open MQTT Report (includes MQTT/TLS)

New Device Identification Report that utilizes device fingerprinting technology and fingerprints developed as part of VARIoT, for IoT and other device identification. As of December 2021, over 1000 fingerprints exist covering 119 vendors.

New Device Identification Report (includes also an IPv6 version)

Honeypot & Malware reports:

Malware URL report (newly added)

Honeypot HTTP Scanner report (enhanced with CVE, MITRE ATT&CK, CVSS, device/product and other attack meta-information)

Honeypot ICS Scanner report (maintained from

New IPv6 scans and IPv6 reports:

Accessible Telnet

Device Identification


SSL Poodle

Vulnerable HTTP

Vulnerable SMTP

The following reports also gained their IPv6 version. They are optional to Shadowserver subscribers.

Accessible HTTP

Accessible SMTP

Accessible SSH

Accessible SSL