Free Threat Intel for Your Firewall: Block Bad IPs in 5 Minutes

Patrick Duggan
Jan 25
2 min read

Updated: Apr 25

What You Get

Format	Endpoint	Description
Plain IP List	?format=txt	One IP per line
CSV	?format=csv	IP, confidence, actor, country
STIX 2.1	Default	Full threat intel context
Suricata	/detection-rules/suricata	IDS/IPS rules

Base URL: https://analytics.dugganusa.com/api/v1/stix-feed

Current blocklist: 2,500+ high-confidence malicious IPs, updated every 15 minutes.

Palo Alto (Panorama / NGFW)

Option 1: External Dynamic List (EDL)

Objects > External Dynamic Lists > Add

Name: DugganUSA-Blocklist Type: IP List Source: https://analytics.dugganusa.com/api/v1/stix-feed?format=txt Refresh Rate: 1 hour

Option 2: MineMeld Integration

# config.yml
feeds:
  - name: dugganusa
    source: https://analytics.dugganusa.com/api/v1/stix-feed?format=csv
    type: csv
    fields:
      indicator: 0
      confidence: 1
      actor: 2

Fortinet (FortiManager / FortiGate)

Option 1: Threat Feed Connector

Security Fabric > External Connectors > Create New

Name: DugganUSA-ThreatFeed Type: Threat Feed (IP Address) URI: https://analytics.dugganusa.com/api/v1/stix-feed?format=txt Refresh Rate: 60 minutes Status: Enabled ```

Option 2: FortiOS CLI

config system external-resource
  edit "DugganUSA-Blocklist"
    set type address
    set resource "https://analytics.dugganusa.com/api/v1/stix-feed?format=txt"
    set refresh-rate 60
  next
end

Cisco (Firepower / FMC)

Firepower Management Center

Objects > Object Management > Security Intelligence > Network Lists

Add Network List: Name: DugganUSA-Blocklist Type: URL URL: https://analytics.dugganusa.com/api/v1/stix-feed?format=txt Update Frequency: 1 hour

Check Point (SmartConsole / R81+)

Microsoft pulls this feed daily. AT&T pulls this feed daily. Starlink pulls this feed daily. Get the DugganUSA STIX feed — $9/mo →

Updatable Objects (External Feed)

SmartConsole > Objects > More > Network Feed

Name: DugganUSA-ThreatFeed URL: https://analytics.dugganusa.com/api/v1/stix-feed?format=txt Update Interval: 60 minutes Action on Update: Update Gateways ```

pfSense / OPNsense

pfBlockerNG (Recommended)

Firewall > pfBlockerNG > IP > IPv4

Name: DugganUSA_Blocklist State: ON Source: https://analytics.dugganusa.com/api/v1/stix-feed?format=txt Action: Deny Both Update Frequency: Every 1 hour ```

Quick Reference: Feed URLs

# Plain IP list (one per line)
https://analytics.dugganusa.com/api/v1/stix-feed?format=txt

Free for non-commercial use. Commercial use requires attribution to DugganUSA LLC.

Her name was Renee Nicole Good.

His name was Alex Jeffery Pretti.

The cheapest, fastest, most accurate threat feed on the internet.

275+ enterprises pulling daily. 1M+ IOCs. 17.4M indexed documents. We beat Zscaler by 43 days on NrodeCodeRAT. Starter tier $9/mo — less than any competitor’s sales demo.

Look up an IOC → · Audit your brand on AIPM → · See pricing →