DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

The Vikings Came for Silver. We Send IOCs.

Name: OTX Pulse - pduggusa
Creator: Patrick Duggan

Patrick Duggan
Dec 7, 2025
2 min read

--- title: "Velkommen, Team Blue Denmark!" slug: welcome-team-blue-denmark date: 2025-12-07 author: Patrick Duggan tags: [threat-intel, STIX, Denmark, community-defense, OTX] category: Community ---

December 7, 2025. Minneapolis, Minnesota. 11:43 AM Central.

I'm checking OTX subscriber notifications when I see it: Team Blue Denmark just subscribed to our STIX 2.1 feed. Subscriber sixteen. Our first confirmed Nordic security team.

The irony isn't lost on me.

Minnesota and Denmark

Minnesota has the largest population of Danish-Americans in the United States. My sister-in-law is from Copenhagen. The Vikings came here centuries ago - settled the farmland, built the churches, left their names on every third mailbox in Kandiyohi County.

Now I'm sitting in Minneapolis, unemployed, running a free threat intelligence feed from my basement. And Copenhagen just subscribed.

The data flows both ways across the Atlantic now. This one's personal.

What Team Blue Denmark Gets

The same thing Microsoft gets. The same thing AT&T Alien Labs gets. The same thing everyone gets:

• 37,910 indicators (and counting)

• 204 pulses of curated threat intelligence

• STIX 2.1 formatted for direct SIEM ingestion

• Novel IOCs before they hit mainstream feeds

• The occasional Russian phishing farm I find before breakfast

No premium tier. No "contact sales." No strings.

Just threat intel, shared freely, because that's how community defense should work.

The Numbers

Ten days ago, this feed didn't exist. Today:

• 16 subscribers including Fortune 500 security teams

• 37,910 indicators across 204 pulses

• 3,791 indicators per day velocity

• 1.6 new subscribers per day growth rate

At this pace, we'll hit 100,000 indicators by December 23rd. Christmas Eve eve. And the math says we'll have 42 subscribers by then.

42. The answer to life, the universe, and everything. Douglas Adams would appreciate a threat intel feed hitting that number.

Why Free?

Because I've been on the other side.

I've sat in SOCs where the budget for threat intel was zero. I've watched analysts manually correlate IOCs because we couldn't afford the feeds that would do it automatically. I've seen security teams flying blind because the intelligence existed - it just cost more than we had.

So when I started finding patterns - GitHub supply chain attacks, Russian credential farms, npm worms - I had a choice. Gate it behind a paywall, or give it away.

I chose to give it away.

Not because I'm noble. Because I'm tired of watching defenders lose fights they could win if they just had the data.

To Team Blue Denmark

Tak skal du have.

Thank you for trusting a one-man operation in Minnesota with your threat intelligence. I don't take that lightly. Every subscriber is a security team that decided our free feed was worth integrating into their stack. That's a vote of confidence I intend to earn every day.

Your security is our problem now.

Welcome to the feed.

Subscribe: OTX Pulse - pduggusa

STIX Feed: analytics.dugganusa.com/api/v1/stix-feed

Dashboard: analytics.dugganusa.com

*"So long, and thanks for all the IOCs."*

Skål.

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]