DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Just Another Day Taking Out the Trash

Patrick Duggan
Dec 12, 2025
4 min read

--- title: "Six Assholes From Beijing: How Routine Trash Collection Caught a Sanctioned Military Company" date: 2025-12-12 author: Patrick Duggan tags: [threat-intelligence, auto-block, qihoo-360, cloudflare, judge-dredd, china] category: Hall of Shame featured: true ---

December 9th, 2025. 4:55 PM UTC. Six IPs from the same /24 subnet hit our infrastructure. Nothing special. Just more internet garbage floating to the top of the pile.

Judge Dredd—our autonomous threat intel engine—did what it does every 5 minutes: checked the abuse scores, cross-referenced the ISP, and took out the trash. 28 seconds. No fanfare.

🔥 AUTO-BLOCKING: 101.198.0.135 (CN) - 100% abuse, 29 reports, VT: 4/95
    🔍 ISP check: Beijing Qihu Technology Company Limited → REPEAT OFFENDER: true
    🎯 PREDICTIVE PUCKERING: 101.198.0.0/24 flagged
    ✅ Blocked via Cloudflare IP List (malicious_assholes)
    🏆 Added to Hall of Shame (Asshole Score: 118.8)

Six IPs. 305 combined abuse reports. Blocked and forgotten.

Three days later, I'm reviewing the logs. I see "Beijing Qihu Technology Company Limited" and think—wait, that name sounds familiar.

Plot Twist: These Assholes Are Famous

Turns out "Beijing Qihu Technology Company Limited" is the corporate name for Qihoo 360—a Chinese "security" company that is:

• US Entity List (June 2020) - Commerce Department sanctioned

• Chinese Military Company (October 2022) - DoD designated

• Xinjiang Surveillance Enabler - Built infrastructure for Uyghur persecution

Judge Dredd didn't know any of this. It just saw 100% abuse scores and a repeat offender ISP. Blocked them like any other asshole.

The punchline: our routine garbage collection caught a US-sanctioned military company that Cloudflare Pro let walk right in.

The Detection Chain

Judge Dredd doesn't guess. Here's the evidence trail for each IP:

| IP | AbuseIPDB | VT | Reports | Asshole Score | Action | |----|-----------|-----|---------|---------------|--------| | 101.198.0.133 | 100% | 4/95 | 38 | 118.9 | BLOCKED | | 101.198.0.135 | 100% | 4/95 | 29 | 118.8 | BLOCKED | | 101.198.0.140 | 99% | 1/95 | 24 | 114.0 | BLOCKED | | 101.198.0.141 | 100% | 3/95 | 40 | 119.1 | BLOCKED | | 101.198.0.171 | 100% | 3/95 | 33 | 118.3 | BLOCKED | | 101.198.0.181 | 100% | N/A | 141 | N/A | BLOCKED |

Total: 305 abuse reports across 6 IPs.

The ISP check hit "Beijing Qihu Technology Company Limited" and immediately flagged it as a repeat offender. Predictive Puckering flagged the entire /24 subnet. All six got added to the `malicious_assholes` Cloudflare IP list automatically.

The Cloudflare Pro Problem

Here's the embarrassing part: Cloudflare Pro let them walk right in the front door.

Our $20/month Cloudflare Pro subscription includes their WAF, bot management, and IP reputation. None of it flagged Qihoo 360. A US-sanctioned Chinese military company—one that the US government explicitly says enables surveillance and has ties to the Chinese military—gets a free pass from Cloudflare's "enterprise-grade" security.

Our $75/month homebrew threat intel caught them in 28 seconds.

The Rap Sheet

Since we're naming and shaming, let's talk about what Qihoo 360 has been up to:

1. Xinjiang Surveillance

The US sanctioned them for "enabling China's high-technology surveillance" in Xinjiang—part of the infrastructure that powers mass detention of over a million Muslims.

2. The iPhone Exploit They Weaponized

In November 2018, Qihoo 360 researcher Qixun Zhao won $200,000 at the Tianfu Cup for an iPhone exploit. Within weeks, Chinese intelligence used that exact exploit against Uyghur iPhones. MIT Technology Review confirmed: the Tianfu hack and the Uyghur hack were one and the same.

3. VPN Data Harvesting

Qihoo 360 secretly owns popular "free" VPNs through shell companies: Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, Signal Secure VPN. Millions of Americans routing their traffic through a sanctioned Chinese military company.

4. The "We Found the CIA" Propaganda

Their CEO Zhou Hongyi claims they exposed CIA and NSA hacking operations and that's why they got sanctioned. The actual reason: Xinjiang surveillance. Nice try.

WHOIS Receipts

inetnum:        101.198.0.0 - 101.199.255.255
netname:        QIHOO
descr:          Beijing Qihu Technology Company Limited
abuse-mailbox:  [email protected]
ASN:            AS23724 (China Telecom - state-owned)

They own 131,072 IPs in that block. We blocked 6. Time to consider blocking the whole /15.

The Timeline

• December 5, 2025 06:26 UTC: First appeared in pattern discovery as part of a 707-IOC "recent surge" cluster

• December 9, 2025 16:55 UTC: Judge Dredd auto-blocks all 6 IPs (routine trash collection)

• December 12, 2025: I look at the dashboard, see "Beijing Qihu Technology" and go "wait, who?"

Seven days in our threat feed. Blocked automatically on Day 4. I didn't find out they were famous until Day 7.

That's the whole point: the system doesn't need to know you're a sanctioned military company. It just needs to know you're an asshole.

What Judge Dredd Saw

The auto-block decision tree:

1. AbuseIPDB Score: 99-100% → Proceed 2. VirusTotal: 1-4 detections → Corroborating evidence 3. ISP Lookup: "Beijing Qihu Technology Company Limited" → Known bad actor 4. Repeat Offender Check: TRUE → Escalate 5. Predictive Puckering: Flag entire /24 subnet 6. Action: Add to `malicious_assholes` list, generate Hall of Shame entry

No human in the loop. No delay. No mercy.

The Punchline

These weren't special. They weren't targeted. They were just six assholes from Beijing with 100% abuse scores who happened to work for a company the US government sanctioned for helping surveil Uyghurs.

• 100% abuse confidence

• Repeat offender ISP

• 305 community abuse reports

And it took out the trash.

Meanwhile, Cloudflare Pro—with their "advanced threat intelligence"—let them walk right in. A US-sanctioned Chinese military company. No flag. No block. Nothing.

• AbuseIPDB (free tier)

• VirusTotal (free tier)

• A 500-line Node.js script

• $75/month Azure bill

The lesson: You don't need to know who the bad guys are. You just need a system that recognizes asshole behavior.

The law doesn't care about your geopolitics. The law cares about your abuse score.

Technical Details

• 101.198.0.133

• 101.198.0.135

• 101.198.0.140

• 101.198.0.141

• 101.198.0.171

• 101.198.0.181

Recommended Block: 101.198.0.0/15 (entire Qihoo allocation)

MITRE ATT&CK: T1595 - Active Scanning, T1590 - Gather Victim Network Information

• [Qihoo 360 on US Entity List](https://www.opensanctions.org/entities/trade-csl-d2e76502da5bb9f3c1e5fe8f1a2705e081ddef6655337e14bee8925f/)

• [MIT Technology Review: iPhone Exploit Used Against Uyghurs](https://www.technologyreview.com/2021/05/06/1024621/china-apple-spy-uyghur-hacker-tianfu/)

• [VPNs Linked to Qihoo 360](https://www.malwarebytes.com/blog/news/2025/04/popular-vpns-are-routing-traffic-via-chinese-companies-including-one-with-link-to-military)

*Judge Dredd runs every 5 minutes. The law doesn't sleep.*

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]