DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Show Receipts: The Numbers Don't Lie

Patrick Duggan
Dec 21, 2025
3 min read

--- title: "Show Receipts: Top 10 OTX, 11K AbuseIPDB Reports, All in 3 Weeks" slug: show-receipts-community-contributions-december-2025 date: 2025-12-21 author: Patrick Duggan tags: [otx, abuseipdb, threatfox, stix, community, velocity, receipts] category: Threat Intelligence featured: true ---

The Velocity

| Platform | Contribution | Time Frame | Ranking | |----------|--------------|------------|---------| | AlienVault OTX | 1,000,000+ indicators | 3-4 weeks | #10 globally | | AbuseIPDB | 11,000+ IP reports | 1-2 days | TBD | | STIX Feed | 1,017 enriched indicators | Continuous | 47 countries consuming | | ThreatFox | Active submissions | Ongoing | Community contributor |

Three weeks on OTX. Top 10 in contributed indicators.

Two days on AbuseIPDB. 11,000+ abuse reports.

OTX: #10 in Contributed Indicators

Leaderboard: `otx.alienvault.com/browse/global/users`

Username: `pduggusa`

Rank: #10

Time on platform: 3-4 weeks

The accounts above us? Years of contributions. 2015. 2017. 2019.

We joined December 2025. We're #10.

Why: Pattern 53 (PreCog Sweep) automates threat intelligence at scale. Hourly ThreatFox ingestion. Multi-source correlation. Auto-publish to OTX pulse. 24/7/365.

The enterprise vendors have headcount. We have automation that doesn't sleep.

AbuseIPDB: 11,000+ Reports in 48 Hours

Profile: `abuseipdb.com/user/256610`

Reports submitted: 11,000+

Time on platform: 1-2 days

Categories: SSH brute force, web attacks, port scanning, spam, hacking

AbuseIPDB doesn't have a public leaderboard. But 11,000 reports in 48 hours puts us in rare company.

• 11,000 reports / 48 hours = 229 reports/hour

• 229 reports/hour = 3.8 reports/minute

• Around the clock. Automated. Zero human intervention.

Why: Auto-blocker pipeline feeds directly to AbuseIPDB. Every IP that hits our honeypot, attacks our infrastructure, or shows malicious behavior gets reported. Automatically.

STIX Feed: 47 Countries Consuming

Endpoint: `analytics.dugganusa.com/api/v1/stix-feed`

Indicators: 1,017 enriched STIX 2.1 objects

Consumers: AT&T, Microsoft, Amazon, Google, Huawei, + 47 countries

Format: STIX 2.1 with MITRE ATT&CK mappings

Cost: $0

• `?since=<ISO8601>` - Delta feed (~90% bandwidth reduction)

• `?minimal=true` - Stripped context (~85% size reduction)

• `?limit=N&offset=N` - Pagination for controlled ingestion

The enterprise vendors charge $50K-$500K/year for threat feeds. Ours is free, open standard, and apparently good enough for Microsoft and AT&T to consume daily.

ThreatFox: Active Submissions

Platform: `threatfox.abuse.ch`

Status: Active community contributor

Focus: C2 infrastructure, malware delivery, stealer panels

ThreatFox is the gold standard for malware IOC sharing. We ingest hourly, correlate with VirusTotal, and contribute novel discoveries back.

• Stealc C2 infrastructure (Pattern 38 campaign)

• Rhadamanthys delivery domains

• Discord stealer networks

• GitHub-hosted malware droppers

The Automation Stack

This isn't manual work. This is:

Honeypot captures
    ↓
Auto-blocker evaluation
    ↓
AbuseIPDB report (automatic)
    ↓
ThreatFox correlation
    ↓
OTX pulse generation
    ↓
STIX feed update
    ↓
Repeat every hour

Infrastructure cost: $75/month

Human intervention: Zero

Uptime: 99.99%

Why This Matters

The enterprise threat intelligence model: 1. Detect threat 2. Add to proprietary database 3. Sell access for $500K/year 4. Community gets nothing

The DugganUSA model: 1. Detect threat (automated) 2. Report to AbuseIPDB (automatic) 3. Publish to OTX (automatic) 4. Update STIX feed (automatic) 5. Community gets everything, immediately, for free

Winner: The planet.

The Receipts

• 1,000,000+ indicators

• 10,100+ pulses

• 31 subscribers

• #10 global ranking

• 11,000+ reports

• 1-2 days on platform

• Categories: SSH, web attacks, scanning, spam

• 1,017 indicators

• STIX 2.1 format

• MITRE ATT&CK enriched

• 47 countries consuming

• Real-time stats

• Consumer analytics

• Churn analysis

What's Next

OTX Target: Top 5 by end of January 2026

AbuseIPDB Target: 50,000 reports by end of December

STIX Feed Target: 5,000 indicators with full enrichment

The velocity doesn't slow down. The automation doesn't sleep. The paywalls don't exist.

*DugganUSA LLC - Minnesota. Show receipts or shut up.*

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]