
Boxing Day 2025: The Receipts

  • Writer: Patrick Duggan
  • Dec 26, 2025

Updated: Apr 25

Category: security


The Numbers Don't Lie


While you were sleeping off Christmas dinner, the system kept working.


Overnight Stats (12/25-12/26)


| Metric | Value |
|--------|-------|
| IPs Blocked | 1,487 |
| IOCs in Feed | 73,983 |
| Oz Decisions | 129,898 |
| AbuseIPDB Reports | 32,623 |


Top Attackers (12 hours)


| Country | Blocked |
|---------|---------|
| US | 181 |
| Singapore | 65 |
| China | 62 |
| Hong Kong | 57 |
| Belgium | 22 |
| Germany | 20 |


That Hong Kong traffic? Huawei Cloud instances (`hwclouds-dns.com`). Not university students - attack staging infrastructure.


STIX Feed Adoption


Real organizations pulling our threat intel this week:



• SpaceX (verified)

• Germany (100 requests)

• India (98 requests)

• France (87 requests)

• Bulgaria (83 requests)

• UK, Russia, Canada


From a guy in Minnesota to SpaceX's security team. That's the pipeline.


The Christmas Attack Pattern


Steam went down Christmas Eve. So did Epic, Riot, and others. No official explanation from Valve.



• `142.93.125.218` (DigitalOcean)

• `134.209.167.84` (DigitalOcean)


DigitalOcean nuked them within hours of our report.


Aisuru hit Steam with 29.69 Tbps back in October. Same botnet, same target, Christmas timing. Connect the dots.


The Kid Factor



• `injectroblox.ru`

• `roblox.com.ge`

• `roblox.com.py`




Plus 5 Steam scams. Every one of those is a kid who didn't get their account stolen on Christmas morning.


Why We Do This


32,623 IPs reported to AbuseIPDB. That's not just defense - that's contribution. Every report helps block those IPs for everyone else.


Some SOC analyst in Singapore is blocking our Alibaba botnet IPs right now. Some kid in Munich still has their Steam account because our IOCs made it into the right blocklist.


The attackers don't take holidays. Neither does the system.


Get The Data


STIX 2.1 Feed:

```bash
curl "https://analytics.dugganusa.com/api/v1/stix-feed"
```

TAXII 2.1 Discovery:

```bash
curl "https://analytics.dugganusa.com/taxii2/"
```

Block History:

```bash
curl "https://analytics.dugganusa.com/api/v1/behavioral/block-history?period=24h"
```
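
One way to turn the STIX 2.1 feed above into blocklist entries, as an added example that is not DugganUSA's code. It assumes the endpoint returns a standard STIX 2.1 bundle; the sample bundle is constructed and trimmed to the fields the code reads, and `extract_blocklist` and `own_networks` are hypothetical names.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample (documentation-reserved addresses and names) standing in for
# the stix-feed response; assumed shape: a standard STIX 2.1 bundle.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '192.0.2.10' OR ipv4-addr:value = '192.0.2.11']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'Login.Phish.Example.']"},
    {"type": "indicator", "pattern_type": "stix", "revoked": True,
     "pattern": "[ipv4-addr:value = '203.0.113.5']"},
    {"type": "indicator", "pattern_type": "stix", "valid_until": "2025-01-01T00:00:00.000Z",
     "pattern": "[domain-name:value = 'expired.example']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},  # inside the protected range in the test
    {"type": "identity", "name": "constructed producer"},
]})

# Simple equality comparisons only; other STIX pattern operators are ignored here.
COMPARISON = re.compile(r"(ipv4-addr|domain-name):value\s*=\s*'([^']+)'")

def extract_blocklist(bundle_json, own_networks=(), now=None):
    """Return {'ipv4-addr': [...], 'domain-name': [...]} from live indicators."""
    now = now or datetime.now(timezone.utc)
    protected = [ipaddress.ip_network(n) for n in own_networks]
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = {"ipv4-addr": set(), "domain-name": set()}
    for obj in bundle.get("objects", []):
        if (obj.get("type"), obj.get("pattern_type")) != ("indicator", "stix") or obj.get("revoked"):
            continue  # not a STIX-pattern indicator, or withdrawn by the producer
        until = obj.get("valid_until")
        if until and datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
            continue  # indicator has expired
        for kind, value in COMPARISON.findall(obj.get("pattern", "")):
            if kind == "domain-name":
                found[kind].add(value.lower().rstrip("."))  # normalise case and root dot
                continue
            try:
                net = ipaddress.ip_network(value, strict=False)  # single IP or CIDR
            except ValueError:
                continue  # malformed value: never pass it on to a firewall
            if net.version == 4 and not any(net.overlaps(p) for p in protected):
                found[kind].add(str(net.network_address) if net.prefixlen == 32 else str(net))
    return {kind: sorted(values) for kind, values in found.items()}
```

Passing your own address ranges as `own_networks` keeps a third-party feed from ever blocking infrastructure you depend on.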




*DugganUSA LLC - Minnesota*


*The receipts don't lie.*




Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed


