Note that Shadowserver is not
by UK government. It’s a Californian non-profit foundation
(1) run by Richard Perlotto, receiving sponsorship from many organisations and having its data used by even more. Including by state institutions. I do not know, what the “UK government” banner does there. Maybe they received a grant from British government. I don’t know British law, but in many circumstances such sponsorship puts a legal obligation to display various banners.
Therefore it is not UK government that you trust (or not).
And I do not think trust should be anywhere in this decision process. The message I am trying to convey is: don’t make such choices on a case-by-case basis. And don’t deploy security policies based on factors, which are not relevant to security. Treat their requests just like any other similar activity, no matter who is the source.
As said before, I wholeheartedly support you investigating and understanding the situation! This comment is about a reaction.
(1) search EIN 26-2267933 in IRS database (unfortunately you must run their crappy webapp, as they block linking specific results).