Thank You MIDCO: When a Regional ISP Subscribes to Your Threat Intel Feed
- Patrick Duggan
- Dec 6, 2025
I started this whole thing because I was tired of getting scraped. Built a honeypot, caught some bots, published some IOCs. Standard indie security researcher stuff.
Then Microsoft's threat intel team subscribed to my OTX feed.
Then AT&T Alien Labs.
Now MIDCO (Midcontinent Communications) - a regional telecommunications provider serving Minnesota, North Dakota, South Dakota, Kansas, and other parts of the Upper Midwest.
Why This Matters
MIDCO isn't a Fortune 500. They're not a giant cloud provider with infinite security budgets. They're the company that provides internet to Sioux Falls. To Fargo. To Bemidji.
They have Customer Experience Centers in places like Mitchell, South Dakota and Yankton. Real humans helping real customers in real communities.
And their security team decided our threat intelligence feed was worth subscribing to.
The Numbers
• 27,646 indicators in our OTX pulse library
• 134 threat intel pulses published
• 16 subscribers including Microsoft, AT&T, and now MIDCO
What MIDCO Gets
Every IOC we publish. Every Pattern 38 GitHub sleeper account. Every Pattern 43 password-protected malware dropper. Every Stealc C2 we find.
For free.
Because that's how threat intelligence should work. The attackers share their tools. Defenders should share their findings.
The Regional ISP Angle
Here's what most people don't understand about regional ISPs:
They're on the front lines. When a credential stuffing campaign hits, it's often residential IPs getting abused. When botnets recruit, they're recruiting grandma's router in Grand Forks.
MIDCO sees this traffic. They deal with abuse reports. They try to protect their customers from becoming unwitting participants in attacks.
Having access to real-time threat intel - especially supply chain attack patterns targeting developers - helps them:
1. Block known-bad infrastructure before it reaches customers
2. Identify compromised residential IPs on their network
3. Correlate abuse reports with known campaigns
4. Protect small businesses that can't afford enterprise security
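An added illustration of uses 1 and 2 above (not code from the original post or from DugganUSA): it reads STIX 2.1 indicator objects, pulls IPv4 literals out of their patterns, and separates addresses inside an ISP's own customer prefixes from external infrastructure. The sample objects, the customer prefix and the function names are constructed for the example; the real feed's contents are not shown on this page.

```python
import ipaddress
import re

# Constructed sample: STIX 2.1 objects in the shape a TAXII collection
# returns, trimmed to the fields used here. IPs are RFC 5737 test ranges.
SAMPLE_OBJECTS = [
    {"type": "indicator", "name": "Stealc C2 (constructed)",
     "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.10']"},
    {"type": "indicator", "name": "Credential stuffing source (constructed)",
     "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.77'] OR "
                "[ipv4-addr:value = '198.51.100.200']"},
    {"type": "indicator", "name": "Dropper domain (constructed)",
     "pattern_type": "stix", "pattern": "[domain-name:value = 'bad.example']"},
    {"type": "identity", "name": "feed publisher (constructed)"},
]

# Hypothetical ISP customer address space (assumption for this example).
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/25")]

# Matches only equality comparisons on ipv4-addr:value in a STIX pattern.
IPV4_RE = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")


def indicator_ips(objects):
    """Yield (ip, indicator) for each IPv4 literal in STIX-pattern indicators."""
    for obj in objects:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # skip identities, relationships, non-STIX patterns
        for raw in IPV4_RE.findall(obj.get("pattern", "")):
            try:
                yield ipaddress.ip_address(raw), obj
            except ValueError:
                continue  # CIDR or malformed value: not a single host, skip


def triage(objects, prefixes):
    """Split indicator IPs into on-network (customer follow-up) and external (block)."""
    on_net, external = {}, {}
    for ip, obj in indicator_ips(objects):
        bucket = on_net if any(ip in net for net in prefixes) else external
        bucket.setdefault(str(ip), []).append(obj["name"])
    return on_net, external


if __name__ == "__main__":
    on_net, external = triage(SAMPLE_OBJECTS, CUSTOMER_PREFIXES)
    print("on-network:", on_net)
    print("external:", external)
```

The on-network bucket is the one that maps to abuse-desk follow-up with a customer, while the external bucket is a candidate block list.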
The Midwest Security Stack
You know what I love about this?
I'm in Minnesota. MIDCO serves Minnesota (Bemidji represent).
This is Upper Midwest threat intel protecting Upper Midwest networks.
No Silicon Valley middleman. No enterprise sales cycle. Just a guy with a honeypot sharing IOCs with an ISP that needs them.
What's Next
• GreyNoise for noise reduction (filtering out mass scanners)
• Pulsedive for risk scoring
• Mandiant integration pending (signed up for free tier via CISA)
More sources = better correlation = fewer false positives = better protection for MIDCO's customers in Rapid City and Watertown.
Thank You
To the MIDCO security team: thank you for subscribing. Thank you for caring about threat intel. Thank you for protecting those communities.
To everyone else: the feed is free. Always has been. Always will be.
OTX Profile: pduggusa
STIX Feed: https://analytics.dugganusa.com/api/v1/stix-feed/taxii/collections/threat-intel/objects
*Your security is our problem now.*
*- DugganUSA LLC, Minneapolis, Minnesota*
Get Free IOCs
Subscribe to our threat intelligence feeds for free, machine-readable IOCs:
AlienVault OTX: https://otx.alienvault.com/user/pduggusa
STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed