DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

The Entire Planet Gets Our Threat Intelligence For Free (Because Hoarding IOCs is Morally Indefensible)

Patrick Duggan
Nov 2, 2025
5 min read

# The Entire Planet Gets Our Threat Intelligence For Free (Because Hoarding IOCs is Morally Indefensible)

**TL;DR:** We just launched a fully automated threat intelligence feed that publishes every attack, every asshole, every IOC in real-time. Cost: $0/year. Competitors charge $25K-65K/year for the same data behind paywalls. We're giving it away because hoarding threat intelligence while the planet burns is bullshit.

What We Built

**DugganUSA Automated Threat Intelligence Feed:**

- **Real-time publishing:** New threats published to www.dugganusa.com within seconds of blocking

- **Full disclosure:** IP address, ISP, country, AbuseIPDB score, VirusTotal detections, MITRE ATT&CK techniques

- **Human-readable:** Proper shit-talk + forensic evidence (because dry IOC feeds are boring)

- **Machine-readable:** Structured data for automation (coming soon: JSON/RSS feeds)

- **Cost:** $0/year (forever)

- **Updates:** Continuous (every blocked threat gets a Hall of Shame post)

**The Flow:**

1. Asshole attacks security.dugganusa.com

2. AbuseIPDB + VirusTotal profile the threat (2 seconds)

3. Cloudflare WAF blocks the IP (instant)

4. MITRE ATT&CK techniques mapped (kill chain analysis)

5. **Blog post auto-generated and published to Wix** (3 seconds)

6. Asshole immortalized in our Hall of Shame (forever)

**Human intervention required:** Zero. Nada. None.

The Problem with Traditional Threat Intelligence

**CrowdStrike Falcon Intelligence:** $25,000/year

**Recorded Future:** $40,000/year

**Mandiant Threat Intelligence:** $65,000/year

**What you get:**

- IOCs (IP addresses, domains, hashes)

- Attack attribution (sometimes)

- MITRE ATT&CK mappings (if you're lucky)

- Delivered: Days to weeks after the attack

- Format: Proprietary dashboards, CSV exports

- Access: Behind paywalls and NDAs

**What we give you:**

- Same IOCs (IP addresses, ISP details, country)

- Attack evidence (AbuseIPDB scores, VirusTotal detections)

- MITRE ATT&CK mappings (automated kill chain analysis)

- Delivered: **Seconds** after the attack

- Format: Blog posts (human-readable) + structured data (coming)

- Access: **Free, public, no login required**

**The only difference:** We include appropriate shit-talk to prove we're confident in our data.

Why Give It Away For Free?

Reason #1: The Streisand Effect (Security Edition)

**Traditional Security:** Hide your IOCs, keep your threat data private, don't let attackers know you caught them.

**DugganUSA:** Publish every attack publicly with receipts. If you can roast your attackers WITH EVIDENCE, you're proving:

1. **Your defenses work** (0% success rate for attackers)

2. **Your monitoring works** (caught every attempt)

3. **Your automation works** (published in real-time)

4. **You have nothing to hide** (Brian Krebs philosophy)

When we publish "Hall of Shame #147: 101.36.119.78 - The Hong Kong Asshole Who Thought They Could Hide", we're not just sharing an IOC. We're proving:

- We detected the attack (forensic evidence included)

- We profiled the threat (AbuseIPDB: 100%, VirusTotal: 3/95 detections)

- We blocked it instantly (Cloudflare WAF)

- We documented it publicly (Hall of Shame)

- **We have zero fear of retaliation** (because our defenses work)

Reason #2: Hoarding Threat Intelligence is Morally Indefensible

**The Planet is Burning:**

- SolarWinds breach: $100M+ damage

- Colonial Pipeline ransomware: $4.4M ransom + gas shortages

- MOVEit vulnerability: 2,000+ organizations compromised

- Log4Shell: Millions of vulnerable systems

**Meanwhile, threat intel companies:**

- Sit on IOCs for weeks before publishing

- Charge $25K-65K/year for access

- Lock data behind NDAs and proprietary platforms

- Prioritize profit over planetary security

**DugganUSA:**

- Publishes IOCs in real-time (seconds, not weeks)

- Costs $0/year (no paywalls, no subscriptions)

- Public access (no NDAs, no logins required)

- **We prioritize planetary security over profit**

If hoarding clean water during a drought is immoral, hoarding threat intelligence during a cybersecurity crisis is equally indefensible.

Reason #3: We're Just That Good

**Our Automation vs Their Manual Processes:**

| **Task** | **Traditional Threat Intel** | **DugganUSA** |

|----------|------------------------------|---------------|

| Detect attack | SIEM alerts, manual triage | Automated profiling (AbuseIPDB + VirusTotal) |

| Block threat | Manual firewall rules | Cloudflare WAF IP List (1 rule blocks 1,000 IPs) |

| Document IOC | Analyst writes report | Auto-generated Hall of Shame post |

| Publish | CSV export to subscribers | Live blog post on www.dugganusa.com |

| Time to publish | Days to weeks | **3 seconds** |

| Cost | $25K-65K/year | **$0/year** |

**We can afford to give it away because our automation is so efficient it costs us literally nothing to run.**

The only cost is Claude Code subscription ($47/month), which we're already paying for development. The threat intel feed is a rounding error.

The Technical Implementation (For the Nerds)

**Stack:**

- **Detection:** AbuseIPDB + VirusTotal APIs

- **Blocking:** Cloudflare WAF IP Lists

- **Kill Chain:** MITRE ATT&CK automated technique mapping

- **Publishing:** Wix Blog API (auto-generated markdown → richContent)

- **Storage:** Azure Table Storage (BlockedAssholes table)

- **Automation:** Node.js microservice (analytics-dashboard)

- **Cost:** $0 additional infrastructure (existing Azure subscription)

**The Flow (Code):**

**Lines of code:** 112 lines (publishHallOfShameToWix function)

**Deployment time:** 2 minutes (build Docker image → deploy to Azure)

**Time to first published post:** 3 seconds after attack blocked

The Numbers (Because We Show Our Work)

Backlog Publishing (Today)

- **Total threats blocked:** 277 IPs

- **Hall of Shame posts generated:** 255 markdown files

- **Published before today:** 27 posts

- **Published today:** 220+ posts (and counting)

- **Remaining:** ~27 posts (final batch running)

Publishing Throughput

- **Rate:** 4 posts/minute (2-second rate limiting to avoid Wix API throttling)

- **Batch 1:** 20 posts in 5 minutes

- **Batch 2:** 100 posts in 25 minutes

- **Total capacity:** ~240 posts/hour (if needed)

Cost Analysis

| **Component** | **Traditional Threat Intel** | **DugganUSA** |

|---------------|------------------------------|---------------|

| SIEM | $50K-200K/year | $0 (built our own) |

| Threat Intel Feed | $25K-65K/year | $0 (publishing our own) |

| Analyst Team | $150K-400K/year (2-4 analysts) | $0 (fully automated) |

| Infrastructure | $5K-20K/year | $77/month (existing Azure subscription) |

| **Total Annual Cost** | **$230K-685K/year** | **$924/year** |

**Savings:** 99.6% cost reduction (or 249× to 741× efficiency multiplier)

What's Next

Phase 1: Backlog Publishing (In Progress)

- Publishing remaining 27 Hall of Shame posts from backlog

- **ETA:** 10 minutes

- **Status:** 🔄 Running

Phase 2: ISP Spotlight Posts (Coming Soon)

- Aggregate Hall of Shame posts by ISP

- Example: "ISP Spotlight: UCloud Information Technology - 12 Assholes This Month"

- Trigger: 5+ IPs from same ISP OR monthly cron job

Phase 3: Country-Level Threat Analysis (Coming Soon)

- Example: "Russia: 47 Assholes Blocked This Month"

- Geopolitical threat intelligence + marketing content

Phase 4: Machine-Readable Feeds (Coming Soon)

- JSON API: GET /api/hall-of-shame (structured IOC data)

- RSS feed: Subscribe to new Hall of Shame posts

- CSV export: Bulk download all IOCs

Phase 5: MITRE ATT&CK Trend Analysis (Coming Soon)

- Example: "T1071 (Application Layer Protocol): Most Common Technique This Month"

- Security research + educational content

The Pitch (For Everyone Else)

**If you're a security team:**

Subscribe to our Hall of Shame feed. Free IOCs, real-time updates, MITRE ATT&CK mappings. No paywalls, no NDAs, no bullshit.

**If you're a threat intel vendor:**

Compete with us. We're publishing everything for free. If you can't beat $0/year, pivot.

**If you're an attacker:**

You're already immortalized in our Hall of Shame. Every attack you send gets profiled, blocked, documented, and published publicly. With receipts. Forever.

**If you're the planet:**

You're welcome. We'll protect you for free because hoarding threat intelligence while the planet burns is morally indefensible.

The Meta Joke

**This blog post:** Written collaboratively by Patrick Duggan + Claude Code (the type of content WE work on together)

**Hall of Shame posts:** Auto-generated and published by analytics-dashboard with ZERO human involvement (the type of content that writes itself)

We just built a system that blogs about assholes automatically. And now we're blogging about the system that blogs about assholes automatically.

**Recursion level:** 2

**Confidence level:** 95% (guarantee 5% bullshit exists, epistemic humility law enforced)

**Asshole Score:** 0/100 (we're the good guys)

*This post is forensically accurate and based on real deployments, real automation, and real IOCs published to www.dugganusa.com. Every claim is backed by evidence in our compliance/evidence directory. Come at us with facts, not feelings.*