Christmas Eve Offensive: 326 Blocks in One Hour
- Patrick Duggan
- Dec 24, 2025
They thought we'd be at dinner. Jr wasn't.
*December 24, 2025 - 11:00 PM CST*
The Attack
While families across America were opening presents and eating ham, our auto-blocker caught 326 malicious IPs in a single hour.
This isn't normal background noise. This is a coordinated spray.
The Source
Top attacking subnets in the last 24 hours:
| Subnet | Count | Owner |
|--------|-------|-------|
| 180.153.x.x | 24 IPs | CHINANET SHANGHAI (China Telecom) |
| 159.138.x.x | 15 IPs | HUAWEI HONG KONG CLOUDS |
| 124.243.x.x | 6 IPs | LOTTE Korea |
| 139.59.x.x | 6 IPs | DigitalOcean (compromised) |
| 101.198.x.x | 6 IPs | China Telecom |
| 135.232.x.x | 5 IPs | Huawei Cloud |
| 119.13.x.x | 5 IPs | Huawei Cloud |
| 111.119.x.x | 5 IPs | China Mobile |
Pattern: China Telecom + Huawei Cloud coordinated offensive.
The Tet Offensive Playbook
For those who don't know history: The Tet Offensive was a massive coordinated attack launched during the Vietnamese New Year ceasefire in 1968. The attackers assumed defenders would be relaxed, distracted, celebrating.
• Christmas Eve - American defenders at family dinners
• Coordinated timing - Multiple subnets, same hour
• Infrastructure targets - Scanning for weak points
• Holiday skeleton crews - Fewer eyes on dashboards
They assumed wrong.
Jr Wasn't At Dinner
Our automated defense system caught all 326 attempts:
Last hour (Christmas Eve):
├── 1,000 Oz decisions
├── 654 batch-published to threat feeds
├── 326 auto-blocker catches
├── 12 OpenPhish correlations
├── 6 ThreatFox matches
└── 1 Feodo tracker hit
The auto-blocker doesn't take holidays. It doesn't eat ham. It doesn't open presents.
It just blocks.
Hall of Shame Update
Tonight's catches are being processed into the Hall of Shame:
• Hall of Shame #999: The Chinese Exploitation Specialist (multiple entries)
• Hall of Shame #999: The Hong Kong Threat Actor
• Hall of Shame #999: The Singaporean Threat Actor
• Hall of Shame #999: The Indian Exploitation Specialist
• Hall of Shame #1570: The American Threat Actor (yes, some are domestic)
Every IP. Named. Documented. Published to the STIX feed.
The Message
To the attackers timing their scans for Christmas Eve:
We see you.
We're running on $75/month and we still caught 326 of you in an hour.
Your holiday offensive hit an automated wall that doesn't celebrate Christmas.
Merry Christmas from Jr.
For Defenders
If you're on skeleton crew tonight, here are the subnets to watch:
180.153.0.0/16 - CHINANET Shanghai
159.138.0.0/16 - Huawei HK Cloud
124.243.0.0/16 - Korea (LOTTE)
101.198.0.0/16 - China Telecom
135.232.0.0/16 - Huawei Cloud
119.13.0.0/16 - Huawei Cloud
111.119.0.0/16 - China Mobile
These are hot right now. Block or monitor accordingly.
The STIX feed at `https://analytics.dugganusa.com/api/v1/stix-feed` is updated with all of tonight's catches.
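For the "monitor" half of that advice, here is an added example (not code from this post or from Jr) that checks access-log lines against the watch list above and flags any watched subnet sending traffic from several distinct addresses. The log layout (client IP as the first field), the `min_distinct=3` threshold and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Watch list copied from the "For Defenders" section of the post.
WATCHLIST = {
    "180.153.0.0/16": "CHINANET Shanghai",
    "159.138.0.0/16": "Huawei HK Cloud",
    "124.243.0.0/16": "Korea (LOTTE)",
    "101.198.0.0/16": "China Telecom",
    "135.232.0.0/16": "Huawei Cloud",
    "119.13.0.0/16": "Huawei Cloud",
    "111.119.0.0/16": "China Mobile",
}
NETS = [(ipaddress.ip_network(cidr), label) for cidr, label in WATCHLIST.items()]
FIRST_FIELD = re.compile(r"^(\S+)\s")  # assumption: client IP is the first field

def match_subnet(ip_text):
    """Return (cidr, label) of the watched subnet containing ip_text, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # malformed address in the log: skip it, do not crash
        return None
    for net, label in NETS:
        if ip in net:
            return str(net), label
    return None

def summarize(log_lines, min_distinct=3):
    """Count distinct source IPs per watched subnet; flag likely sprays."""
    seen = defaultdict(set)
    for line in log_lines:
        m = FIRST_FIELD.match(line)
        hit = match_subnet(m.group(1)) if m else None
        if hit:
            seen[hit[0]].add(m.group(1))
    return {cidr: {"distinct_ips": len(ips), "spray": len(ips) >= min_distinct}
            for cidr, ips in seen.items()}

# Constructed sample lines for illustration; not traffic observed in the post.
SAMPLE = [
    '180.153.10.1 - - [24/Dec/2025:23:01:02 -0600] "GET / HTTP/1.1" 404',
    '180.153.10.2 - - [24/Dec/2025:23:01:05 -0600] "GET / HTTP/1.1" 404',
    '180.153.77.9 - - [24/Dec/2025:23:02:11 -0600] "GET / HTTP/1.1" 404',
    '180.153.10.1 - - [24/Dec/2025:23:03:40 -0600] "GET / HTTP/1.1" 404',
    '159.138.4.4 - - [24/Dec/2025:23:04:00 -0600] "GET / HTTP/1.1" 200',
    '203.0.113.7 - - [24/Dec/2025:23:04:09 -0600] "GET / HTTP/1.1" 200',
    '999.1.1.1 - - [24/Dec/2025:23:05:00 -0600] "GET / HTTP/1.1" 400',
]
print(summarize(SAMPLE))
```

Counting distinct addresses rather than raw hits keeps one noisy host from looking like a coordinated spray across a subnet.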
Final Thought
They chose Christmas Eve because they thought we'd be distracted.
They forgot that automation doesn't get distracted.
Seek and destroy. 24/7. 365.
Even on Christmas.
*Filed under: Threat Intel, Holiday Attacks, Jr Earning Its Keep, Merry Christmas From Shanghai*
• 11,347 STIX requests from 26 countries
• 556,738 indexed documents
• 25,432+ AbuseIPDB reports
• $75/month
Sleep tight. Jr's watching.
Get Free IOCs
Subscribe to our threat intelligence feeds for free, machine-readable IOCs:
AlienVault OTX: https://otx.alienvault.com/user/pduggusa
STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed