# The 192 Club: Meet the Internet's Biggest Asshole

  • Writer: Patrick Duggan
  • Dec 16, 2025



On December 16, 2025, at 2:33 PM Central, an IP address walked into our threat detection system and immediately set a record that may never be broken.


**Asshole Score: 192**


Our previous champion? 170. This wasn't a competition. This was a massacre.


Welcome to the 192 Club. Population: 1.




## The Defendant



**IP Address:** 204.76.203.31


**Location:** Netherlands (allegedly)


**ISP:** Intelligence Hosting LLC


Yes, they called themselves "Intelligence Hosting." The irony writes itself.




## The Receipts

| Metric | Value | Commentary |
|--------|-------|------------|
| **Asshole Score** | 192 | New world record |
| **Abuse Score** | 100% | Perfect score (in the bad way) |
| **Total Reports** | 1,715 | That's 1,715 sysadmins who had to explain this dickhead to their boss |
| **CVEs** | 102 | Not a typo. One hundred and two. |
| **Open Ports** | 80, 3389 | Web server + RDP wide open |
| **Malware Families** | Mirai | Botnet distribution since 2022 |




## The Corporate Structure (A Shell Game)



Let's follow the money across three jurisdictions:


**ARIN Registration:**




**Contact Info:**




**IP Allocation:**




So we have:

- **Dutch address**

- **German phone number**

- **US IP allocation**

- **"UG (haftungsbeschränkt)"** - German limited liability requiring minimal capital


This isn't a hosting company. It's a jurisdiction-hopping exercise designed to make prosecution impossible.




## The Server (A Museum of Vulnerabilities)



Shodan tells us what's running:





**102 CVEs.** Including greatest hits like:


- **CVE-2021-40438** - SSRF in mod_proxy (critical)

- **CVE-2021-44790** - Buffer overflow (critical)

- **CVE-2022-22720** - HTTP Request Smuggling

- **CVE-2023-25690** - HTTP Request Splitting

- **CVE-2024-38476** - Server-Side Request Forgery


This isn't negligence. You don't accidentally run 102 CVEs with RDP wide open. This is attack infrastructure. The vulnerabilities are features, not bugs - they provide plausible deniability when the server gets "compromised."




## The Criminal History



OTX shows 4 Mirai botnet samples distributed from this IP:


| Date | Hash | Detection |
|------|------|-----------|
| 2024-02-16 | df1039b9... | Unix.Trojan.Mirai-7755770-0 |
| 2024-02-16 | 62d834e1... | Unix.Trojan.Mirai-7755770-0 |
| 2022-07-19 | 18cbbcc1... | Unix.Trojan.Mirai-7100807-0 |
| 2022-07-11 | db86014d... | Unix.Trojan.Mirai-7100807-0 |


**This IP has been distributing Mirai botnet malware for over two years.**


Mirai, for those keeping score at home, is the botnet that took down half the internet in 2016. DNS provider Dyn, Twitter, Netflix, Reddit - all knocked offline by compromised IoT devices running Mirai.


And this IP is still distributing it. In 2024. From "Intelligence Hosting."




## The Reviews



From [Trustpilot](https://www.trustpilot.com/review/pfcloud.io):


> "Avoid this company PFCloud.io like the PLAGUE"


> "...after the raid is over and cleared up assuming the owner isn't in prison"


> "extremely cheap with very lenient policies"


The marketing copy claims "privacy-focused hosting" with "free speech" values.


Translation: We don't ask questions, we don't keep logs, and we don't respond to abuse complaints.




## The Threat Intelligence Consensus



**50 OTX pulses** reference this IP. The security community knows.


- Multiple honeypot feeds (Louisiana, Australia, global)

- IBM X-Force has them flagged

- AbuseIPDB at 100% confidence

- Now in the DugganUSA STIX feed


When honeypots in Louisiana and Australia both catch you, you're not running a targeted operation. You're spraying the entire internet.




## Why 192?



Our asshole scoring algorithm factors in:


1. **Abuse confidence** (100% = max)

2. **Total reports** (1,715 = very high)

3. **ISP reputation** (bulletproof hosting = terrible)

4. **Infrastructure type** (datacenter = suspicious)

5. **Historical behavior** (Mirai distribution = yikes)

6. **CVE exposure** (102 = unprecedented)

7. **Open attack surfaces** (RDP + web = bad combo)


Most assholes cap around 100-130. The previous record holder hit 170.


204.76.203.31 broke every threshold we have. The algorithm had to reach into territory we didn't think was possible.


**192 isn't just an asshole score. It's a statement.**




## The Verdict



**Who:** Unknown customer of pfcloud bulletproof hosting


**What:** Mirai botnet infrastructure masquerading as a hosting company


**Where:** Netherlands (address), Germany (phone), USA (IP allocation)


**When:** Active since at least 2021, distributing malware since 2022, blocked by us 2025-12-16


**Why:** Money. Bulletproof hosting is profitable when you don't care about ethics.


**Status:** Blocked. First inductee into the 192 Club.




## The 192 Club



This IP earned something nobody else has: a dedicated club for extraordinary assholery.


**Membership Requirements:**

- Asshole Score: 190+

- Must be running infrastructure so malicious it breaks our scoring algorithm

- Bonus points for ironic company names


**Current Members:**

1. 204.76.203.31 - Intelligence Hosting LLC (Founding Member)


The bar has been set. We hope nobody clears it.




## Block This Asshole



**For your firewall:**




**For your SIEM:**

This IP is in our [free STIX 2.1 feed](https://analytics.dugganusa.com/api/v1/stix-feed), complete with MITRE ATT&CK mapping.
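
As an added example (not DugganUSA's code), here is one way to turn the IPv4 indicators in a STIX 2.1 bundle into nftables drop rules while refusing to auto-block non-public addresses. The sample bundle is constructed and trimmed to the fields used, and the `inet filter` table and `input` chain names are assumptions about the local ruleset.

```python
import ipaddress
import json
import re

# Constructed STIX 2.1 bundle (trimmed to the fields used here); a real feed
# response carries more objects and properties.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '204.76.203.31']"},
        # A private address, as a mistaken or poisoned entry might contain.
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '10.0.0.5']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'example.invalid']"},
        {"type": "attack-pattern", "name": "constructed placeholder"},
    ],
})

IPV4_EQ = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")


def blockable_ips(bundle_text):
    """Return sorted, de-duplicated public IPv4 addresses from indicator patterns."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for value in IPV4_EQ.findall(obj.get("pattern", "")):
            try:
                # Parsing also keeps arbitrary feed text out of the rule string.
                addr = ipaddress.IPv4Address(value)
            except ValueError:
                continue  # CIDR or malformed value: review by hand, never pass through
            if addr.is_global:  # never auto-block private, loopback or reserved space
                found.add(addr)
    return [str(addr) for addr in sorted(found)]


def nft_rules(ips, table="inet filter", chain="input"):
    """Render one nftables drop rule per address (table/chain names are assumptions)."""
    return [f"add rule {table} {chain} ip saddr {ip} drop" for ip in ips]
```

The rendered lines can be reviewed and then loaded with `nft -f`; for a large feed, an nftables set with a single drop rule scales better than one rule per address.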




## The Bottom Line



"Intelligence Hosting LLC" scored 192 on our asshole scale by:


- Distributing Mirai botnet malware since 2022

- Running 102 CVEs as features

- Operating across three jurisdictions to avoid prosecution

- Accumulating 1,715 abuse reports

- Calling themselves "Intelligence" while doing all of the above


Congratulations. You're the biggest asshole on the internet.


We blocked you in under a minute.




*DugganUSA LLC. Minnesota. $75/month Azure bill. Finding assholes that billion-dollar vendors miss.*


*Asshole blocked December 16, 2025 at 2:33 PM Central. Welcome to the 192 Club.*


 
 
 
