{ "type": "Domain", "indicator": "max.ru", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/max.ru", "alexa": "http://www.alexa.com/siteinfo/max.ru", "indicator": "max.ru", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4324134035, "indicator": "max.ru", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 21, "pulses": [ { "id": "69f42549701e678a4b05527d", "name": "DugganUSA Threat Intel 2026-05-01 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T04:00:09.875000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Hong Kong", "Japan", "Singapore", "Korea, Republic of", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Bulgaria", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 40, "domain": 18 }, "indicator_count": 58, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "9 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f2d3c9caf22a54bf63b67d", "name": "DugganUSA Threat Intel 2026-04-30 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-30T04:04:00.214000", "created": "2026-04-30T04:00:09.139000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Singapore", "United States of America", "Netherlands", "Hong Kong", "China", "Australia", "Japan", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Germany", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "Sweden", "France", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 41, "domain": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f1824a4e3c096f49c3b799", "name": "DugganUSA Threat Intel 2026-04-29 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-29T04:00:47.823000", "created": "2026-04-29T04:00:10.667000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "Brazil", "Germany", "United States of America", "Singapore", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 47 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f030cafe5566b4669264e3", "name": "DugganUSA Threat Intel 2026-04-28 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-28T04:06:43.668000", "created": "2026-04-28T04:00:10.514000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 38 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eedf49c34c50101e9e9df3", "name": "DugganUSA Threat Intel 2026-04-27 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-27T04:13:05.385000", "created": "2026-04-27T04:00:09.194000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "Indonesia", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Latvia", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "hostname": 49 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ec3c474333121ea703e355", "name": "DugganUSA Threat Intel 2026-04-25 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-25T04:21:46.500000", "created": "2026-04-25T04:00:07.334000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium", "Netherlands", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Sweden", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Singapore", "Hong Kong", "Germany", "China", "Brazil", "Iceland", "Poland", "Mexico", "Australia", "Switzerland", "Norway", "France", "Italy", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 47 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eaeac8deb633abc1852809", "name": "DugganUSA Threat Intel 2026-04-24 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-24T04:25:58.622000", "created": "2026-04-24T04:00:08.531000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Switzerland", "Norway", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "France", "Liechtenstein", "United Arab Emirates", "India", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20, "hostname": 52 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e99989404ff331ec60d37b", "name": "DugganUSA Threat Intel 2026-04-23 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-23T04:13:23.120000", "created": "2026-04-23T04:01:13.464000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Hong Kong", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "T\u00fcrkiye", "Sweden", "Russian Federation", "Mexico", "Australia", "Switzerland", "Norway", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "France", "Liechtenstein", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 40 }, "indicator_count": 58, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a03f74a45ec1801da790ddd", "name": "DugganUSA Threat Intel 2026-05-13 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-13T04:00:10.425000", "created": "2026-05-13T04:00:10.425000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Indonesia", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 702, "domain": 26, "hostname": 57 }, "indicator_count": 785, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02a5c918702f5451bd23cd", "name": "DugganUSA Threat Intel 2026-05-12 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-12T04:00:09.092000", "created": "2026-05-12T04:00:09.092000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Hong Kong", "Singapore", "China", "Korea, Republic of", "Brazil", "Japan", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 595, "domain": 17, "hostname": 46 }, "indicator_count": 658, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0154472079c0d5cb7198eb", "name": "DugganUSA Threat Intel 2026-05-11 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-11T04:00:07.669000", "created": "2026-05-11T04:00:07.669000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Hong Kong", "Singapore", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Canada", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 668, "domain": 20, "hostname": 42 }, "indicator_count": 730, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a01544657d12666d1d3729a", "name": "DugganUSA Threat Intel 2026-05-11 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-11T04:00:06.561000", "created": "2026-05-11T04:00:06.561000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Hong Kong", "Singapore", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Canada", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 668, "domain": 20, "hostname": 42 }, "indicator_count": 730, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0002c979fedddc0cd4e0a2", "name": "DugganUSA Threat Intel 2026-05-10 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-10T04:00:09.655000", "created": "2026-05-10T04:00:09.655000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Germany", "China", "Brazil", "Japan", "Iceland", "Poland", "Netherlands", "Andorra", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Saudi Arabia", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Finland", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 779, "domain": 18, "hostname": 45 }, "indicator_count": 842, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "21 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69feb1487262aefd89bfaeab", "name": "DugganUSA Threat Intel 2026-05-09 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-09T04:00:08.366000", "created": "2026-05-09T04:00:08.366000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Hong Kong", "Japan", "Germany", "China", "Brazil", "Iceland", "Poland", "Netherlands", "Andorra", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 673, "domain": 18, "hostname": 45 }, "indicator_count": 736, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd5fca1ff89cf9ff5416ff", "name": "DugganUSA Threat Intel 2026-05-08 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-08T04:00:10.047000", "created": "2026-05-08T04:00:10.047000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Hong Kong", "Singapore", "Japan", "Germany", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Andorra", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 676, "domain": 17, "hostname": 42 }, "indicator_count": 735, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc0e4874390d7de9a2acbe", "name": "DugganUSA Threat Intel 2026-05-07 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-07T04:00:08.541000", "created": "2026-05-07T04:00:08.541000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Morocco", "Hong Kong", "Singapore", "Japan", "Germany", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Luxembourg", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 749, "hostname": 44, "domain": 17 }, "indicator_count": 810, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fabcc704d1aae0ae7cf40f", "name": "DugganUSA Threat Intel 2026-05-06 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-06T04:00:07.961000", "created": "2026-05-06T04:00:07.961000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Morocco", "Korea, Republic of", "Singapore", "Hong Kong", "Japan", "Germany", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Venezuela, Bolivarian Republic of", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "United Kingdom of Great Britain and Northern Ireland", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Luxembourg", "Spain", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 685, "hostname": 46, "domain": 17 }, "indicator_count": 748, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f96b486627d581cfa4a33f", "name": "DugganUSA Threat Intel 2026-05-05 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-05T04:00:08.133000", "created": "2026-05-05T04:00:08.133000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Hong Kong", "Japan", "Germany", "China", "Brazil", "Iceland", "Poland", "Netherlands", "Venezuela, Bolivarian Republic of", "Sweden", "Mexico", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Australia", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "Iraq", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 671, "domain": 18, "hostname": 44 }, "indicator_count": 733, "is_author": false, "is_subscribing": null, "subscriber_count": 193, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f819fc345a869d3c6d8292", "name": "DugganUSA Threat Intel 2026-05-04 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-04T04:01:00.396000", "created": "2026-05-04T04:01:00.396000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Japan", "Germany", "Hong Kong", "Brazil", "Indonesia", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Norway", "Switzerland", "Italy", "Ireland", "Australia", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 625, "domain": 19, "hostname": 43 }, "indicator_count": 687, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f6c8498541a3d9e24940ae", "name": "DugganUSA Threat Intel 2026-05-03 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).", "modified": "2026-05-03T04:00:09.222000", "created": "2026-05-03T04:00:09.222000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Hong Kong", "Singapore", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Argentina", "Venezuela, Bolivarian Republic of", "Sweden", "Ukraine", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 677, "domain": 18, "hostname": 39 }, "indicator_count": 734, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f576d174f2a35f7b1e6771", "name": "DugganUSA Threat Intel 2026-05-02 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-02T04:00:17.453000", "created": "2026-05-02T04:00:17.453000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Iceland", "Poland", "Germany", "Netherlands", "Sweden", "Bulgaria", "Brazil", "Mexico", "Singapore", "Hong Kong", "China", "Australia", "Japan", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 554, "domain": 17, "hostname": 38 }, "indicator_count": 609, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.dugganusa.com", "https://www.abuseipdb.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 21, "pulses": [ { "id": "69f42549701e678a4b05527d", "name": "DugganUSA Threat Intel 2026-05-01 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T04:00:09.875000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Hong Kong", "Japan", "Singapore", "Korea, Republic of", "Brazil", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Bulgaria", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 40, "domain": 18 }, "indicator_count": 58, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "9 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f2d3c9caf22a54bf63b67d", "name": "DugganUSA Threat Intel 2026-04-30 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-30T04:04:00.214000", "created": "2026-04-30T04:00:09.139000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Singapore", "United States of America", "Netherlands", "Hong Kong", "China", "Australia", "Japan", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Germany", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "Sweden", "France", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 41, "domain": 18 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f1824a4e3c096f49c3b799", "name": "DugganUSA Threat Intel 2026-04-29 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-29T04:00:47.823000", "created": "2026-04-29T04:00:10.667000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "Brazil", "Germany", "United States of America", "Singapore", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 47 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f030cafe5566b4669264e3", "name": "DugganUSA Threat Intel 2026-04-28 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-28T04:06:43.668000", "created": "2026-04-28T04:00:10.514000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "Malaysia", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 38 }, "indicator_count": 56, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eedf49c34c50101e9e9df3", "name": "DugganUSA Threat Intel 2026-04-27 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-27T04:13:05.385000", "created": "2026-04-27T04:00:09.194000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Singapore", "Korea, Republic of", "Germany", "Hong Kong", "Brazil", "Japan", "Indonesia", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Latvia", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "hostname": 49 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ec3c474333121ea703e355", "name": "DugganUSA Threat Intel 2026-04-25 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-25T04:21:46.500000", "created": "2026-04-25T04:00:07.334000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Belgium", "Netherlands", "United Kingdom of Great Britain and Northern Ireland", "Japan", "Sweden", "Russian Federation", "Serbia", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Singapore", "Hong Kong", "Germany", "China", "Brazil", "Iceland", "Poland", "Mexico", "Australia", "Switzerland", "Norway", "France", "Italy", "Ireland", "Romania", "Israel", "Spain", "Uzbekistan", "Denmark", "Lithuania", "Liechtenstein" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19, "hostname": 47 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 196, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eaeac8deb633abc1852809", "name": "DugganUSA Threat Intel 2026-04-24 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-24T04:25:58.622000", "created": "2026-04-24T04:00:08.531000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Germany", "Hong Kong", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Russian Federation", "Mexico", "Australia", "Switzerland", "Norway", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "France", "Liechtenstein", "United Arab Emirates", "India", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20, "hostname": 52 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 195, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e99989404ff331ec60d37b", "name": "DugganUSA Threat Intel 2026-04-23 #2", "description": "Auto-blocked threat IPs with SSL certificate enrichment. Discovered by DugganUSA threat intelligence pipeline.", "modified": "2026-05-23T04:13:23.120000", "created": "2026-04-23T04:01:13.464000", "tags": [ "dugganusa", "auto-blocked", "ssl-enrichment", "threat-intel" ], "references": [ "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Korea, Republic of", "Singapore", "Hong Kong", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "T\u00fcrkiye", "Sweden", "Russian Federation", "Mexico", "Australia", "Switzerland", "Norway", "Italy", "Ireland", "Canada", "Romania", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Uzbekistan", "Denmark", "Lithuania", "France", "Liechtenstein", "United Arab Emirates", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 40 }, "indicator_count": 58, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a03f74a45ec1801da790ddd", "name": "DugganUSA Threat Intel 2026-05-13 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-13T04:00:10.425000", "created": "2026-05-13T04:00:10.425000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "United Arab Emirates", "Korea, Republic of", "Canada", "India", "Hong Kong", "Singapore", "Indonesia", "Germany", "Brazil", "Japan", "China", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "United Kingdom of Great Britain and Northern Ireland", "Australia", "Norway", "Switzerland", "Italy", "Ireland", "Romania", "Russian Federation", "Israel", "Finland", "Spain", "Denmark", "Malaysia", "Lithuania", "Liechtenstein", "France", "Belgium" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 702, "domain": 26, "hostname": 57 }, "indicator_count": 785, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02a5c918702f5451bd23cd", "name": "DugganUSA Threat Intel 2026-05-12 #2", "description": "DugganUSA threat intelligence \u2014 autonomous block decisions cross-referenced against AbuseIPDB and SSL certificate enrichment. Discovered by the DugganUSA pipeline (analytics.dugganusa.com).\n\nAbout DugganUSA:\n\u2014 17.9M cross-correlated documents \u00b7 1.13M IOC corpus \u00b7 22K MCP servers catalogued\n\u2014 Pattern 38+ supply-chain attack detection (caught NrodeCodeRAT 43 days before Zscaler)\n\u2014 PreCog precursor signal aggregator (called Christmas Eve DDoS 3 hours early)\n\u2014 Bloom-filter novelty check + Meilisearch cross-index correlation\n\u2014 Public left-of-boom ledger: dugganusa.com (43d Lynx, 28d Handala, 5d ShinyHunters cluster)\n\u2014 STIX 2.1 + TAXII 2.1 feed, Free $0/25/day \u00b7 Pro $99/2K/day \u00b7 Enterprise $995/50K/day\n\u2014 analytics.dugganusa.com/stix \u00b7 butterbot@dugganusa.com", "modified": "2026-05-12T04:00:09.092000", "created": "2026-05-12T04:00:09.092000", "tags": [ "dugganusa", "threat-intel", "country-sg", "country-us", "mixed-ip-domain" ], "references": [ "https://www.dugganusa.com", "https://analytics.dugganusa.com/api/v1/stix-feed/v2", "https://www.abuseipdb.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany", "Hong Kong", "Singapore", "China", "Korea, Republic of", "Brazil", "Japan", "Iceland", "Poland", "Netherlands", "Sweden", "Mexico", "Australia", "Norway", "Italy", "Ireland", "Canada", "Romania", "Russian Federation", "Israel", "Spain", "United Kingdom of Great Britain and Northern Ireland", "Denmark", "Lithuania", "Liechtenstein", "France", "United Arab Emirates" ], "malware_families": [], "attack_ids": [ { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1573.002", "name": "Asymmetric Cryptography", "display_name": "T1573.002 - Asymmetric Cryptography" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 595, "domain": 17, "hostname": 46 }, "indicator_count": 658, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "max.ru", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "max.ru", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780237704.6032808 }