DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

I Clicked the Candy Van: A Technical Roast of nixfred.com

Patrick Duggan
Dec 21, 2025
5 min read

--- title: "I Clicked the Candy Van: A Technical Roast of nixfred.com" slug: fred-nix-nixfred-hacking-simulator-roast date: 2025-12-21 author: Patrick Duggan tags: [roast, hacking-simulator, emc, storage, humor, fred-nix, javascript] category: Security Opinions featured: false ---

The Setup

A friend posted his creation to Reddit: "Roast my hacking simulator v2." The URL was nixfred.com. The pitch was simple: it grabs your IP, webcam, all the stuff browsers know about you, and roasts you.

The warning signs were there. A literal candy van. A big red button that says "Do Not Press." The kind of UI that screams "this will end in therapy."

I pressed it anyway. We all did. That's the point.

The Creator: Fred Nix

Before I roast the creation, let me establish the creator's credentials.

Fred Nix isn't some random JavaScript hobbyist. He was EMC's vSpecialist by day—working for Chad Sakac, the legendary CTO of the VMware business unit. By night? He was a rap music creator and stand-up comedian in Atlanta with a professional studio.

EMC regularly turned to Fred when they needed music for a big product launch or the annual Sales thank-you video. He was, in the words of one LinkedIn post, "EMC's musical secret weapon."

His greatest hit? "Oopa EMC Style!"—a Gangnam Style parody filmed on the EMC Santa Clara campus that became a viral internal hit. Featuring the dance moves of Chad Sakac himself.

So when Fred builds a "hacking simulator," understand: this isn't amateur hour. This is a professional entertainer with storage industry credentials applying his craft to psychological manipulation disguised as JavaScript.

Current gig: Storage & Compute Practice Manager at BTA. Still in the trenches. Still with access to a studio. Still choosing violence.

The Technical Autopsy

What nixfred.com Actually Does

Phase 1: The Temptation

You land on a page with a candy van and a button that says "Do Not Press." Classic reverse psychology. The button is red. The van is creepy. Your finger is already moving.

Phase 2: The Data Grab

The moment you click, the site fetches your real data:

• IP address via ipify.org

• Geolocation via ipapi.co (city, region, country)

• Browser fingerprint via navigator object

• WebGL renderer (graphics card identification)

• Screen resolution and timezone

This is all public API stuff—no actual exploitation. But seeing your suburb displayed on screen hits different when you weren't expecting it.

Phase 3: The Fake Takeover

A split-screen terminal appears. The left side shows "reconnaissance" commands:

$ whoami
victim
$ pwd
/home/poor-life-choices
$ cat /etc/shadow
[REDACTED - but we have it]

Fake password files. Fake SSH keys. Fake browser history showing embarrassing searches. Fake Amazon order history highlighting emotional purchases. Notes app entries with self-deprecating content.

None of it is real. All of it feels real.

Phase 4: The Roast

The right panel contains an extended monologue mocking your life choices, your decision to click the button, and your inability to close the tab. It tracks how long you've been engaged—publicly shaming your time investment.

• 1 pause: "Curious"

• 5 pauses: "Invested"

• 25 pauses: "Concerned"

• 100 pauses: "This is your life now"

• 1000 pauses: "You need professional help"

By pause 25, you're not reading anymore. You're grinding for achievements like a fucking platinum trophy.

The Psychological Engineering

This site is a masterclass in attention capture.

The Bait-and-Switch

It threatens actual compromise ("we have your files") but delivers introspective roasting instead. The fear turns to laughter turns to existential dread turns to "why am I still here."

The Sunk Cost Trap

Once you've invested 30 seconds, you want to see how it ends. Once you've invested 2 minutes, you're committed. Once you've paused 10 times, you're hunting achievements. The timer in the corner tracks your shame.

The Mexican Standoff

At the end, the script just... waits. It's done talking. But the timer keeps running. You're in a staring contest with 200 lines of JavaScript. Who blinks first?

This is the same energy as a Symmetrix demo that goes two hours over because the customer asked about deduplication ratios.

The EMC DNA

You can see Fred's EMC heritage in every design choice:

1. The Demo Mindset

This isn't a website. It's a demo. It has a beginning, middle, and end. It manages pacing. It holds attention. It closes with a call to action (close the tab, you're embarrassing yourself).

Every EMC SE learns to control a room. Fred learned to control a browser tab.

2. The Over-Engineering

The pause achievement system. The speed controls (W/S keys, 1x to 10x playback). The mobile touch optimization. The fullscreen API on rotation. This is enterprise software polish applied to a shitpost.

3. The Long Play

The roast doesn't end. It extends indefinitely with variations. If you don't close the tab, it keeps generating content. Like an EMC support contract that auto-renews.

What Needs Work (Constructive Violence)

1. No Webcam Shame

The Reddit post promised webcam. I prepared my face. Where's the "we see you picking your nose" moment? Even a fake green LED would've added panic. You blue-balled the paranoia and that's unforgivable.

2. Randomize the Roasts

Second run-through, I recognized the text. For maximum psychological damage, pull from an array so repeat victims get fresh trauma. Make it remember. Make it say "oh, you're back. that's sad."

3. The Mobile Rotation Prompt

"Please rotate your phone" is too polite. Real hackers rotate your phone FOR you. Via gyroscope API. While playing the THX sound.

4. Fake Data Buyers Ticker

• North Korean TikTok

• Your ex's new boyfriend

• LinkedIn recruiters

• That guy from high school who sells insurance now

• Dell Technologies Customer Success Team

5. The Ransomware Fake-Out

Add a timer counting down to "your files being encrypted" that actually just plays Never Gonna Give You Up. Commit to the bit.

The Overlap

Fred and I both came through the EMC/Dell storage wars. We both watched the $67 billion acquisition slowly lobotomize the company we knew. We both attended Symmetrix funerals (metaphorically) and VNX decommissions (literally).

The difference is Fred processed that trauma by building a candy van that psychologically manipulates strangers for entertainment. I processed it by building threat intelligence infrastructure that reports 11,000 malicious IPs to AbuseIPDB in 48 hours.

Same energy. Different output.

The Verdict

9/10 - Would get psychologically manipulated again.

Minus one point because the webcam promise was unfulfilled.

This site is what happens when an EMC vSpecialist who moonlights as a rapper and stand-up comedian discovers client-side JavaScript and chooses violence. It's technically solid, psychologically devastating, and ethically questionable in the best possible way.

The candy van got me. I am the mark. The candy was never real.

But neither was my dignity after pause 47.

The Links

• The Hacking Simulator: https://nixfred.com/

• Fred's LinkedIn: https://www.linkedin.com/in/frednix

• The Original Reddit Post: (link to the r/webdev or wherever he posted)

The Real Roast

Fred, you absolute psychopath. You took the demo skills that made EMC billions and used them to trap people in a browser tab for 8 minutes. You gamified self-loathing. You created a venus flytrap for people with too much time and not enough self-preservation instinct.

The site doesn't actually steal anything. But it steals something more valuable: time and dignity.

That's more EMC than anything Dell ever did with the acquisition.

I see you, Fred. We all see you.

*Patrick Duggan is a former storage industry guy who now runs threat intelligence infrastructure. He clicked the candy van. He stayed to the end. He is not proud of this.*

P.S. — If you're reading this, Fred: Oopa EMC Style was a banger. The candy van is a worthy successor. Keep choosing violence.

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]