DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Dear French Hackers: You Are Overpaying. Here's How to Scan Us for Free.

Patrick Duggan
2 days ago
5 min read

To the operators at BUCKLOG SARL (AS211590) who have been hammering our Epstein search portal 6,000 times a day since April 4:

You are running Kubernetes. GreyNoise documented your cluster in February. You are paying for managed Kubernetes in a French data center to scan a platform that runs on roughly $550 a month.

We would like to help you reduce your costs.

Your Architecture (Estimated)

Based on the GreyNoise report and your traffic patterns, you are running something like this:

Managed Kubernetes cluster in a French cloud provider. Multiple scanner pods. Sustained throughput of 6,000-8,000 requests per day across three targets. You have been running this for six consecutive days with a 79% threat classification rate from Cloudflare.

Your estimated monthly cost for this operation: $200-$500 for a small managed Kubernetes cluster with persistent scanner workloads, networking, and storage.

You are spending roughly what we spend to run the entire platform — just to scan it. And getting nothing back.

Our Architecture

Here is how we run the platform you are failing to breach. Feel free to take notes.

The analytics brain runs on a single Azure Container App. The Meilisearch instance with 17.6 million documents runs on an Azure VM with a 1TB disk. The Epstein portal you are specifically targeting runs on the same VM — it is a static search interface backed by the Meilisearch API. Cloudflare sits in front of everything. The Edge Shield Worker handles threat intelligence at the edge before requests touch origin.

Total monthly cost: approximately $550. That covers the Azure Container App, the VM, the disk, DNS, and Key Vault. Cloudflare Workers are free tier. The STIX feed, the blog, the search API, the honeypots, the AIPM audits, the customer registration system, the Stripe integration, the OPNsense feeds — all of it. $550.

The blog runs on Wix. That is a separate subscription but Wix did not choose us. We chose Wix because Patrick's mom can update it if something happens to him.

How You Could Do This for $0

Oracle Cloud has an Always Free tier. It includes:

Two AMD Compute instances (1/8 OCPU, 1 GB RAM each). One Ampere A1 instance (4 OCPUs, 24 GB RAM). 200 GB total block storage. 10 TB outbound data transfer per month. A load balancer. DNS. Monitoring.

Forever. No credit card required after initial verification. No time limit.

Here is how you could run a more effective scanning operation than your current Kubernetes cluster — for free:

Take the Ampere A1 instance. It has 4 ARM cores and 24 GB of RAM. Install your scanner framework of choice. Point it at whatever targets you want. You get 10 TB of outbound transfer per month. At your current rate of 8,000 requests per day, you will never come close to hitting that limit.

You are paying for Kubernetes to do what a single free ARM VM could do better.

The Architecture You Should Be Running

Here is the full architecture. We are being genuinely helpful.

Your current setup:

French cloud provider charges you for managed Kubernetes. You run scanner pods. The pods send requests. Cloudflare blocks them. You get nothing. You pay anyway.

What you should be running:

Oracle Cloud Free Tier Ampere A1 with 4 cores and 24 GB RAM. Your scanner runs directly on the VM. No Kubernetes overhead. No pod scheduling. No container networking. No managed cluster fees. Just a VM, a script, and a cron job.

You go from $200-$500 per month to $0 per month. Your scanning throughput stays the same. Your results stay the same — which is to say, zero, because we are still going to block you. But at least you are not paying for the privilege of being blocked.

The Architecture We Run (Since You Are Clearly Interested)

Since you have been scanning our infrastructure for six days, you are obviously curious about how it works. Here is the full picture:

DNS resolves through Cloudflare. Cloudflare Edge Shield Worker intercepts every request. The Worker checks the IP against our cached IOC list (1,058,540 indicators, refreshed from our own STIX feed). Known scanners get a 418 response. Known malicious IPs get blocked. Clean traffic passes to origin with geo-enrichment headers (city, region, ASN, coordinates).

Origin is an Azure Container App running Node.js on Debian. It serves the API, the search endpoints, the STIX feed, the honeypots, and the registration system. Behind it sits a Meilisearch instance on an Azure VM with 17.6 million indexed documents across 42 indexes.

The Epstein portal you keep hitting is a static HTML page that calls the Meilisearch API. There is no database to breach. There is no admin panel to exploit. There is no file upload to abuse. It is a search box that returns document excerpts. The full documents are on a DOJ website that anyone can access.

You are scanning a search box.

Cost Comparison

Your operation (estimated):

Managed Kubernetes cluster: $150-$300 per month. Networking and egress: $20-$50 per month. Storage: $10-$20 per month. Total: $200-$500 per month. Results obtained: zero.

Our operation (actual):

Azure Container App: $180 per month. Azure VM plus 1TB disk: $250 per month. Key Vault and DNS: $20 per month. Cloudflare: $0 (free tier). Edge Shield: $0 (Workers free tier). Total: approximately $550 per month. Documents indexed: 400,750 Epstein files. IOCs indexed: 1,058,540. STIX feed consumers: 275 plus in 46 countries. Blog posts: 1,644. Revenue: still $0 but we are having more fun than you.

Alternative scanning infrastructure (Oracle Free Tier):

Compute: $0. Storage: $0. Networking: $0. Transfer (10 TB): $0. Results obtained: still zero, but at least it is free.

What You Are Actually Accomplishing

Every request you send gets logged. Every IP gets indexed. Every user agent gets fingerprinted. Your scanning infrastructure is now in our STIX feed, which means every SIEM, every firewall, and every OPNsense box that pulls our feed now blocks you automatically.

You came to scan us. You are now being blocked by the same threat intelligence that protects networks in 46 countries. Microsoft pulls our feed. AT&T pulls our feed. You are now in the same blocklist as Iranian APTs and North Korean supply chain operators.

Congratulations. You have been promoted from "French scanner" to "globally distributed threat indicator."

A Genuine Offer

If you are scanning our Epstein portal because you actually want to search the documents — stop scanning and start searching. The API is free. No login required for basic queries. We will give you a free API key if you register. 500 queries a day. More than enough for research.

analytics.dugganusa.com/api/v1/search?q=YOUR_QUERY

If you are scanning because someone asked you to find a vulnerability in our infrastructure — tell them we run a $550 operation behind Cloudflare with an open-source Edge Shield. The architecture is public. The code is on GitHub. There is nothing to find that is not already published.

If you are scanning because you want to know what we have on French nationals in the Epstein files — we have what the DOJ released. It is the same archive every journalist in the world has access to. We just indexed it better than anyone else.

Whatever your reason: stop paying for Kubernetes. Use Oracle Free Tier. You will get the same results for $0.

The Edge Shield is open source: github.com/pduggusa/dugganusa-edge-shield

The STIX feed is free: analytics.dugganusa.com/api/v1/stix-feed

The Epstein search is free: epstein.dugganusa.com

We look forward to continuing to block you at no cost to either of us.

-- DugganUSA LLC, Minneapolis MN

P.S. — We indexed you. Check your IP in our feed. You are famous now.