DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Boxing Day 2025: The Receipts

Patrick Duggan
Dec 26, 2025
2 min read

Category: security

The Numbers Don't Lie

While you were sleeping off Christmas dinner, the system kept working.

Overnight Stats (12/25-12/26)

| Metric | Value | |--------|-------| | IPs Blocked | 1,487 | | IOCs in Feed | 73,983 | | Oz Decisions | 129,898 | | AbuseIPDB Reports | 32,623 |

Top Attackers (12 hours)

| Country | Blocked | |---------|---------| | US | 181 | | Singapore | 65 | | China | 62 | | Hong Kong | 57 | | Belgium | 22 | | Germany | 20 |

That Hong Kong traffic? Huawei Cloud instances (`hwclouds-dns.com`). Not university students - attack staging infrastructure.

STIX Feed Adoption

Real organizations pulling our threat intel this week:

• SpaceX (verified)

• Germany (100 requests)

• India (98 requests)

• France (87 requests)

• Bulgaria (83 requests)

• UK, Russia, Canada

From a guy in Minnesota to SpaceX's security team. That's the pipeline.

The Christmas Attack Pattern

Steam went down Christmas Eve. So did Epic, Riot, and others. No official explanation from Valve.

• `142.93.125.218` (DigitalOcean)

• `134.209.167.84` (DigitalOcean)

DigitalOcean nuked them within hours of our report.

Aisuru hit Steam with 29.69 Tbps back in October. Same botnet, same target, Christmas timing. Connect the dots.

The Kid Factor

• `injectroblox.ru`

• `roblox.com.ge`

• `roblox.com.py`

Plus 5 Steam scams. Every one of those is a kid who didn't get their account stolen on Christmas morning.

Why We Do This

32,623 IPs reported to AbuseIPDB. That's not just defense - that's contribution. Every report helps block those IPs for everyone else.

Some SOC analyst in Singapore is blocking our Alibaba botnet IPs right now. Some kid in Munich still has their Steam account because our IOCs made it into the right blocklist.

The attackers don't take holidays. Neither does the system.

Get The Data

STIX 2.1 Feed: ```bash curl "https://analytics.dugganusa.com/api/v1/stix-feed" ```

TAXII 2.1 Discovery: ```bash curl "https://analytics.dugganusa.com/taxii2/" ```

Block History: ```bash curl "https://analytics.dugganusa.com/api/v1/behavioral/block-history?period=24h" ```

*DugganUSA LLC - Minnesota*

*The receipts don't lie.*

#threatintel #boxingday #spacex #aisuru #receipts

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]