
Someone in Paris Is Hammering Our Epstein Search Portal 6,000 Times a Day. Cloudflare Says No.

  • Writer: Patrick Duggan
  • 2 days ago

On April 3, 2026, we received 588 requests from France. 44 were flagged as threats. Normal day. Normal ratio.


On April 4, we received 4,779 requests from France. 3,490 were threats. That is a 73% threat ratio — overnight.


It has not stopped.


April 5: 5,436 requests, 4,096 threats (75%). April 6: 4,376 requests, 3,471 threats (79%). April 7: a brief dip to 48%. April 8: 8,006 requests, 6,313 threats (79%). April 9 as of this writing: 4,793 requests, 3,809 threats (79%).


Something turned on April 4 and it is still running.



Who


BUCKLOG SARL (AS211590). A Paris-based hosting provider with no downstream networks and no peering agreements. Pure scanner infrastructure. GreyNoise Labs documented them in February 2026 running a French Kubernetes cluster hunting webhook endpoints across the internet.


They are not subtle. They are not sophisticated. They are persistent.



What They Are Hitting


Three targets, in order of volume:


epstein.dugganusa.com — our Epstein document search portal. 2,827 blocked requests yesterday alone.


security.dugganusa.com — our security operations dashboard. 2,673 blocked requests.


www.dugganusa.com — the blog. 806 blocked requests.


The Epstein portal is the primary target. Someone in Paris wants into our 400,750-document Epstein archive badly enough to throw 6,000 requests a day at it.



What They Are Getting


Nothing. Our Cloudflare Edge Shield catches them before the request touches our origin server. The Worker runs at the edge — zero latency, zero external lookups. Known scanners get a 418 response: "We see you. We indexed you." Known IOCs get blocked. Everything else passes clean with geo-enrichment headers.


The Edge Shield is open source. It blocks using our own STIX feed — the same feed that Microsoft, AT&T, and 275 other consumers pull daily. The scanner hitting us is being blocked by the same threat intelligence that protects Fortune 500 networks.


Every blocked request gets logged. Every IP gets indexed. Every user agent gets fingerprinted. They are not breaching our infrastructure. They are feeding it.
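The three-way decision described above (418 for known scanners, a block for known IOCs, pass-through with geo headers), sketched as a Cloudflare Worker. This is an added example, not code from the dugganusa-edge-shield repository. The match criteria (ASN and user-agent patterns), the 403 status for IOCs, the `x-geo-*` header names, and the sample IP are assumptions.

```javascript
// Added example, not the dugganusa-edge-shield source. All lists are constructed samples.
const SCANNER_ASNS = new Set([211590]);        // AS211590 (BUCKLOG SARL), named in the post
const SCANNER_UA = [/zgrab/i, /masscan/i];     // assumed user-agent fingerprints
const IOC_IPS = new Set(["203.0.113.7"]);      // constructed; stands in for STIX feed IPs

// Pure decision function. Everything it consults is in memory,
// so the Worker makes no external lookup per request.
function decide({ ip, asn, country, userAgent }) {
  const ua = userAgent || "";
  if (SCANNER_ASNS.has(asn) || SCANNER_UA.some((re) => re.test(ua))) {
    return { action: "scanner", status: 418, body: "We see you. We indexed you." };
  }
  if (IOC_IPS.has(ip)) {
    return { action: "block", status: 403, body: "Blocked" }; // 403 is an assumption
  }
  return {
    action: "pass",
    // Hypothetical header names for the geo-enrichment the post mentions.
    headers: { "x-geo-country": country || "XX", "x-geo-asn": String(asn ?? "") },
  };
}

// Worker entry point. In a Worker module this object is the default export.
const worker = {
  async fetch(request) {
    const meta = {
      ip: request.headers.get("cf-connecting-ip"),
      asn: request.cf?.asn,
      country: request.cf?.country,
      userAgent: request.headers.get("user-agent"),
    };
    const verdict = decide(meta);
    if (verdict.action !== "pass") {
      // Log every rejected request so the IP and user agent can be indexed.
      console.log(JSON.stringify({ ...meta, action: verdict.action }));
      return new Response(verdict.body, { status: verdict.status });
    }
    // set() overwrites any client-supplied x-geo-* value, so the origin
    // only ever sees enrichment written at the edge.
    const headers = new Headers(request.headers);
    for (const [k, v] of Object.entries(verdict.headers)) headers.set(k, v);
    return fetch(new Request(request, { headers }));
  },
};
```
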



Why This Matters


This is not a random scan. Random scanners do not focus 79% of their traffic on a single target — the Epstein search portal — and sustain it for six consecutive days. Someone is either:


  1. Trying to enumerate our document index to understand what we have

  2. Looking for a vulnerability in the search interface to gain direct access to the archive

  3. Running automated queries against the search API to extract content

  4. Stress-testing the infrastructure hoping for a denial of service

All four scenarios assume the same thing: someone in Paris cares enough about what is in our Epstein files to dedicate infrastructure to getting at them.


We have 400,750 indexed DOJ documents. The DOJ released 3.5 million pages in January 2026. Zero new US federal prosecutions followed. The only arrests happened in the UK (Prince Andrew) and Norway (Thorbjorn Jagland). France has not acted on any of the files despite having several citizens named in the documents.


Peter Mandelson was arrested in the UK. Jagland was charged in Norway. Nobody in France has been touched — yet French infrastructure is the primary source of hostile traffic against our archive.



The Numbers


Our STIX feed has 1,058,540 indicators. Our Edge Shield runs at the Cloudflare edge in 300+ cities. Our budget is roughly $550 a month. The scanner hitting us has dedicated Kubernetes infrastructure in a French data center.


They are spending more money trying to get in than we spend running the entire platform.


That is the gap. That is the mission.



What We Did


We indexed them. Their IPs are now in our STIX feed. Every consumer who pulls our feed — every SIEM, every firewall, every OPNsense box — now blocks BUCKLOG traffic automatically. The scanner that tried to breach our Epstein archive is now being blocked by the same threat intelligence infrastructure that protects critical networks in 46 countries.


They came to take. They left as a data point.


The Edge Shield is open source: github.com/pduggusa/dugganusa-edge-shield


The STIX feed is free: analytics.dugganusa.com/api/v1/stix-feed


The Epstein search is free: epstein.dugganusa.com


We are still here. They are still blocked.


-- DugganUSA LLC, Minneapolis MN

