DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

DigitalOcean, LLC's $5/Month VPS Problem: 906 Abuse Reports

Patrick Duggan
Nov 2, 2025
2 min read

title: "DigitalOcean, LLC's $5/Month VPS Problem: 906 Abuse Reports"

slug: threat-pattern-cloud-bot-farm-139-59-132-8

excerpt: "Caught in the wild: 139.59.132.8 (DigitalOcean, LLC) - 906 abuse reports from 275 organizations. Real OSINT, real receipts."

category: threat-intelligence

tags: [OSINT, ThreatIntel, cloud-bot-farm, DE, cloud-abuse]

author: Patrick Duggan

date: 2025-11-03

featured: true

# DigitalOcean, LLC's $5/Month VPS Problem: 906 Abuse Reports

**TL;DR:** 139.59.132.8 from DigitalOcean, LLC (DE) has been reported **906 times by 275 distinct organizations**. Pattern detected: cloud-bot-farm. Confidence: 80%.

The Receipts

**IP Address:** 139.59.132.8

**ISP:** DigitalOcean, LLC

**Country:** DE

**Usage Type:** Data Center/Web Hosting/Transit

**Abuse Score:** 100/100

**Total Reports:** 906

**Distinct Reporters:** 275

**Last Seen:** 2025-10-30T17:16:35+00:00

**Hostname:** `a113ac0491.scan.leakix.org`

Attack Pattern

**Classification:** CLOUD-BOT-FARM

**Severity:** MEDIUM

**Attack Types:** Web Scanning, SSH Brute Force

Why This Matters

Cloud providers make it **trivially easy** to spin up attack infrastructure:

- $5/month VPS

- No questions asked

- Instant provisioning

- Easy to rotate IPs

This IP has been reported **906 times**, meaning it's been actively abusive for weeks/months without being shut down.

Evidence Sample

Here are the first 5 abuse reports (out of 906 total):

Report 1 - 2025-10-30

**Reported by:** Germany (DE)

**Details:**

Report 2 - 2025-10-30

**Reported by:** Spain (ES)

**Details:**

Report 3 - 2025-10-30

**Reported by:** Netherlands (NL)

**Details:**

Report 4 - 2025-10-30

**Reported by:** Netherlands (NL)

**Details:**

Report 5 - 2025-10-30

**Reported by:** Malaysia (MY)

**Details:**

Detection Methodology

**Pattern:** cloud-bot-farm

**Confidence Score:** 80%

**Detection Factors:**

- ✅ Cloud hosting provider: DigitalOcean, LLC

- ✅ Very high report count (906 > 500)

- ✅ Perfect abuse score (100/100)

- ✅ Persistent abuser (not quickly shut down)

What Defenders Should Do

Detection Rules

Mitigation

1. **Block this IP immediately:** 139.59.132.8

2. **Block ASN/range if persistent:** Check if entire range is abusive

3. **Monitor for pattern:** Look for similar cloud-bot-farm activity

4. **Share intel:** Report to AbuseIPDB, GreyNoise, etc.

The Philosophy: Sunlight is the Best Disinfectant

We publish this because:

1. **Hoarding threat intel is morally indefensible** - If you know about a threat, share it

2. **Public attribution forces accuracy** - Show receipts or look stupid

3. **Adversaries hate documentation** - Makes their infrastructure useless once published

Raw JSON Evidence

**Data Source:** AbuseIPDB + Live Traffic Analysis

**Detection Time:** 2025-11-03T03:47:38.121Z

**Methodology:** Automated pattern recognition + manual verification

🧠 Generated by Central Brain - Autonomous Threat Intelligence

💰 Cost to bad guys: $0 (we publish for free)

🎯 Cost to defenders: Intelligence without the enterprise tax

*Want to dispute this? Email [email protected] with your traffic logs. We'll publish corrections if evidence supports it.*

DigitalOcean, LLC's $5/Month VPS Problem: 906 Abuse Reports

The Receipts

Attack Pattern

Why This Matters

Evidence Sample

Report 1 - 2025-10-30

Report 2 - 2025-10-30

Report 3 - 2025-10-30

Report 4 - 2025-10-30

Report 5 - 2025-10-30

Detection Methodology

What Defenders Should Do

Detection Rules

Mitigation

The Philosophy: Sunlight is the Best Disinfectant

Raw JSON Evidence

Recent Posts

Comments