
Dear GitHub Security: You're Welcome

  • Writer: Patrick Duggan
  • Nov 25, 2025
  • 3 min read

*An open letter to the team that suspends accounts but doesn't return calls*




The Relationship Status: It's Complicated


Dear GitHub Security Team,


We need to talk about our relationship.


I've been sending you reports. A lot of reports. Professional ones with Mermaid diagrams and STIX bundles and everything. You've been... quiet. The strong, silent type, apparently.


Let me recap what I've sent you in the past 72 hours:



• 61+ malicious account reports (Pattern 38 supply chain attacks)

• 16 repo warnings with our Judge Dredd calling cards

• 25 professional security reports complete with HTML formatting, network diagrams, and evidence chains

• Full C2 infrastructure details (149.102.156.62, Contabo GmbH, POST /5dc60508ab2db3b4.php)

• STIX 2.1 bundles with proper MITRE ATT&CK mappings

• A recursive follow-farm network analysis exposing accounts following 911,000+ users


And today I checked - four of the malware distribution accounts I reported? Suspended.



• FireSuper: 404

• rampubg14-cmyk: 404

• anuxagfr: 404

• winchmrsmilegodsgf: 404


So you *are* reading my emails. You're just not responding. I see how it is.




The Math


Let me do some quick calculations here:



• $7.5 billion acquisition by Microsoft (2018)

• Billions in annual revenue

• Massive security team with salaries I can only imagine

• Zero acknowledgment emails sent to me



• One guy in Minnesota

• Claude Code subscription

• $77/month Azure infrastructure

• 61+ detailed security reports sent to you

• 4 confirmed account suspensions from my reports


ROI on my free labor for you: ∞ (you paid $0, received incident response)


ROI on acknowledgment for you: Also $0, but you're not paying that either




What An Acknowledgment Email Looks Like


In case you've forgotten, here's a template:



```
Subject: RE: Security Report - Pattern 38 Supply Chain Accounts

Hi Patrick,

Thanks for the detailed report. We've reviewed the accounts you identified and taken appropriate action.

We appreciate security researchers who take the time to document threats comprehensively.

Best,
GitHub Security Team
```


That's it. 47 words. Takes 30 seconds to send. Costs nothing. Builds goodwill with the security community. Encourages continued reporting.


But sure, radio silence works too. Very mysterious. Very Batman.




The Accounts You Haven't Suspended Yet


While I have your attention (do I have your attention?), here's today's follow-farm network report in case it got lost in your inbox:


| Account | Following | Issue |
|---------|-----------|-------|
| standardgalactic | 911,935 | Following nearly 1 MILLION accounts. All 22K repos are forks. |
| dirambora | 63,468 | Classic follow-farm behavior |
| andrecrafts | 11,959 | Hub connecting to other suspicious accounts |
| barrylustig | 827 repos | 98.97% mechanical timing (Pattern 41 bot) |


These accounts are connected to the malware distribution network you just suspended. The followers weren't innocent bystanders - they were infrastructure.


Report sent: Today, via Microsoft Graph API, to [email protected]


Status: Probably sitting in a queue somewhere, being very not-responded-to.




Why I Keep Sending Reports Anyway


Here's the thing: I'm not going to stop.


Not because I expect acknowledgment (clearly that ship has sailed, circumnavigated the globe, and returned to port still unacknowledged).


I do it because:


1. It's the right thing to do. People are getting malware from your platform.

2. The evidence is public. Everything I send you is documented on my blog and STIX feed.

3. Someone has to. And apparently that someone is me, for free.


The security community shares intelligence. That's how it works. I publish IOCs, you (silently) act on them, developers don't get owned by Rhadamanthys stealers. Everybody wins.


Except my inbox. My inbox loses.




A Modest Proposal


How about this: I'll keep sending you detailed reports with professional documentation. You keep suspending the malicious accounts. And maybe - just maybe - once a quarter, you send a form email that says "thanks."


I'm not asking for a bug bounty. I'm not asking for a job. I'm not even asking for a LinkedIn endorsement.


Just... acknowledgment that the reports are being read by a human and not disappearing into the void.


Is that too much to ask?


(Based on the past 72 hours: apparently yes.)




In Conclusion


Dear GitHub Security Team:


You're welcome for the free incident response.


The malware accounts are suspended. The C2 is documented. The follow-farm network is exposed. The STIX feed is public. The blog posts are written.


I'll be here. Sending reports. Into the void.


Warm regards,


Patrick Duggan
DugganUSA LLC
The guy who keeps emailing you


P.S. - The STIX feed is at analytics.dugganusa.com/api/v1/stix-feed if you want to automate ingestion. You know, since we're apparently in a one-way data sharing relationship anyway.


P.P.S. - I know you're reading this. The referrer logs don't lie.
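The P.S. above offers the STIX feed for automated ingestion. What the consuming side of that looks like, as an added example that is not the post's or DugganUSA's own code: a standard-library-only Python ingester that reads a STIX 2.1 bundle, harvests the equality-comparison IOCs from each indicator's pattern into blocklists, drops indicators that are revoked or past `valid_until`, and follows `indicates` relationships to pull MITRE ATT&CK technique IDs for each surviving indicator. The bundle inside the block is constructed for the example; only the C2 IP and POST path come from the post, while the `http` scheme, the object IDs and timestamps, the RFC 5737 placeholder IP used for the revoked indicator, and the T1105 mapping are assumptions.

```python
"""Ingest a STIX 2.1 bundle into blocklists plus ATT&CK technique mappings.

Added example, not code from the post or from the DugganUSA feed pipeline.
Standard library only, so it runs offline. The bundle below is constructed:
the C2 IP and POST path are the ones named in the post; the http scheme,
object IDs, timestamps, the revoked placeholder IP (RFC 5737 range) and the
technique chosen for the mapping (T1105) are assumptions for the example.
"""
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# One STIX equality comparison: <type>:<property> = '<string>'.
# Compound patterns (AND / OR / FOLLOWEDBY) simply yield each atom. Negations
# (!=), LIKE/MATCHES wildcards and unquoted numeric comparisons such as
# network-traffic:dst_port = 80 are deliberately not matched: they are not
# literal, blockable values.
COMPARISON = re.compile(
    r"(?P<type>[a-z0-9-]+):(?P<prop>[A-Za-z0-9_.\-\[\]*']+?)\s*=\s*"
    r"'(?P<value>(?:[^'\\]|\\.)*)'"
)

# Observable property -> blocklist bucket.
BUCKETS = {
    ("ipv4-addr", "value"): "ips",
    ("ipv6-addr", "value"): "ips",
    ("domain-name", "value"): "domains",
    ("url", "value"): "urls",
}


@dataclass
class Ingested:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    hashes: set = field(default_factory=set)
    techniques: dict = field(default_factory=dict)  # indicator id -> {ATT&CK ids}
    skipped: list = field(default_factory=list)     # (indicator id, reason)


def _parse_ts(value):
    # STIX timestamps are RFC 3339 with a trailing Z; fromisoformat wants +00:00.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def ingest(bundle_json, now=None):
    """Return blocklists and technique mappings from a STIX 2.1 bundle string.

    `now` may be a tz-aware datetime or an RFC 3339 string; it drives expiry.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = _parse_ts(now)
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    objects = {o["id"]: o for o in bundle.get("objects", []) if "id" in o}
    out, dropped = Ingested(), set()

    for obj in objects.values():
        if obj.get("type") != "indicator":
            continue
        reason = None
        if obj.get("revoked"):
            reason = "revoked"
        elif obj.get("pattern_type", "stix") != "stix":
            reason = "pattern_type " + obj["pattern_type"]
        elif "valid_until" in obj and _parse_ts(obj["valid_until"]) <= now:
            reason = "expired"
        if reason:
            out.skipped.append((obj["id"], reason))
            dropped.add(obj["id"])
            continue
        for m in COMPARISON.finditer(obj.get("pattern", "")):
            value = re.sub(r"\\(.)", r"\1", m.group("value"))  # undo STIX escaping
            key = (m.group("type"), m.group("prop"))
            if key in BUCKETS:
                getattr(out, BUCKETS[key]).add(value)
            elif key[0] == "file" and key[1].startswith("hashes."):
                out.hashes.add(value.lower())

    # indicator --indicates--> attack-pattern carries the ATT&CK mapping.
    for obj in objects.values():
        if obj.get("type") != "relationship" or obj.get("relationship_type") != "indicates":
            continue
        src, tgt = objects.get(obj.get("source_ref")), objects.get(obj.get("target_ref"))
        if not src or not tgt or src["id"] in dropped:
            continue
        if src.get("type") != "indicator" or tgt.get("type") != "attack-pattern":
            continue
        ids = {r["external_id"] for r in tgt.get("external_references", [])
               if r.get("source_name") == "mitre-attack" and "external_id" in r}
        if ids:
            out.techniques.setdefault(src["id"], set()).update(ids)
    return out


# Constructed sample bundle (see module docstring for what is assumed).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--2f6d1b0a-3c4e-4f5a-8b6c-7d8e9f0a1b2c",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--a1b2c3d4-0000-4000-8000-000000000001",
         "created": "2025-11-25T00:00:00Z", "modified": "2025-11-25T00:00:00Z",
         "name": "Stealer C2 host", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '149.102.156.62']",
         "valid_from": "2025-11-25T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--a1b2c3d4-0000-4000-8000-000000000002",
         "created": "2025-11-25T00:00:00Z", "modified": "2025-11-25T00:00:00Z",
         "name": "Stealer C2 check-in URL", "pattern_type": "stix",
         "pattern": "[url:value = 'http://149.102.156.62/5dc60508ab2db3b4.php']",
         "valid_from": "2025-11-25T00:00:00Z", "valid_until": "2030-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--a1b2c3d4-0000-4000-8000-000000000003",
         "created": "2025-11-20T00:00:00Z", "modified": "2025-11-25T00:00:00Z",
         "name": "Retracted placeholder IP", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2025-11-20T00:00:00Z", "revoked": True},
        {"type": "attack-pattern", "spec_version": "2.1",
         "id": "attack-pattern--a1b2c3d4-0000-4000-8000-0000000000aa",
         "created": "2025-11-25T00:00:00Z", "modified": "2025-11-25T00:00:00Z",
         "name": "Ingress Tool Transfer",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1105"}]},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--a1b2c3d4-0000-4000-8000-0000000000bb",
         "created": "2025-11-25T00:00:00Z", "modified": "2025-11-25T00:00:00Z",
         "relationship_type": "indicates",
         "source_ref": "indicator--a1b2c3d4-0000-4000-8000-000000000002",
         "target_ref": "attack-pattern--a1b2c3d4-0000-4000-8000-0000000000aa"},
    ],
})

if __name__ == "__main__":
    result = ingest(SAMPLE_BUNDLE)
    print("block IPs:", sorted(result.ips))
    print("block URLs:", sorted(result.urls))
    print("ATT&CK:", {k: sorted(v) for k, v in result.techniques.items()})
    print("skipped:", result.skipped)
```

Two design points matter for anyone wiring a feed like this into a firewall or EDR blocklist. First, only `=` comparisons are harvested: a `LIKE` or `MATCHES` pattern is a wildcard, not an address, and a `!=` atom is a negation, so copying either into a blocklist would block the wrong thing. Second, `revoked` and `valid_until` are honoured and the skipped indicators are returned rather than silently dropped, so a retraction in the feed actually propagates to whatever you blocked last week.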





• [Follow the Followers: Unraveling GitHub's Shadow Social Graph](https://www.dugganusa.com/post/follow-the-followers-unraveling-github-s-shadow-social-graph)

• [Stealc/Rhadamanthys: Anatomy of a GitHub Supply Chain Infostealer](https://www.dugganusa.com/post/stealc-rhadamanthys-anatomy-of-a-github-supply-chain-infostealer)

• [Pattern 38: Building an Automated Supply Chain Attack Disclosure Pipeline](https://www.dugganusa.com/post/pattern-38-building-an-automated-supply-chain-attack-disclosure-pipeline)


STIX Feed: analytics.dugganusa.com/api/v1/stix-feed




*DugganUSA LLC - Sending security reports into the void since November 2025*

