Consumer Watchdog Investigation

UltaHost Exposed: ICANN-Breached, DMCA-Ignored Hosting Linked to 422+ Phishing Domains, Data Loss & Fraud

Officially cited by ICANN for failure to mitigate DNS abuse. Rated medium fraud risk by Scamalytics. Graded D by the BBB. Independent testing recorded 43.78% uptime — down for 17 straight days.

They market “freedom of material,” sell anonymous servers requiring no identity, and deploy AI chatbots that send customers into endless loops — while ignoring abuse reports that enable harassment, defamation, phishing, and fraud.

Section 1

Their Business Model — “Freedom to Violate the Laws”

UltaHost doesn't hide what they offer. Their own marketing materials promote services designed to evade legal accountability. These aren't interpretations — these are direct quotes from their website.

“Freedom of Material: ... complete freedom of material.”

— UltaHost official website

“Legal Control: It is possible to violate the laws, rules, or cultural norms of one or more countries...”

— UltaHost official website

DMCA Ignored VPS

Actively marketed product line

DMCA Ignored Dedicated

Actively marketed product line

Anonymous VPS

No real email or credit card required — pay with cryptocurrency

UltaHost is listed in multiple third-party guides as “bulletproof hosting” and categorized alongside offshore providers. According to CISA (Cybersecurity & Infrastructure Security Agency), bulletproof hosting providers “neither engage in good faith with legal processes nor with third-party or victim complaints.”

CISA's guidance states that BPH infrastructure is used for “command and control, malware delivery, phishing, and hosting illicit content in support of ransomware, data extortion, and denial of service attacks.”

Section 2

Leadership & Official ICANN Breach

Who runs UltaHost, and why has the global domain authority formally cited them for non-compliance with their own registrar agreement?

Elin Doughouz

CEO & Co-Founder

Founder of Doughouz Group Ltd, ScriptSun Ltd, WoWonder (social network script), PlayTube, DeepSound, PixelPhoto, and Wolvor Global. Multinational operation established in 2018.

Deen Doughouz

CTO & Co-Founder

Brother of Elin. Also involved with ScriptSun Ltd, WoWonder, and Wolvor Global. UltaHost was incorporated in the USA in 2021.

Other Products & Customer Complaints

WoWonder — a PHP social network script sold on CodeCanyon under the author name “DoughouzForest” — has faced repeated customer complaints over several years. Users in developer Facebook groups, CodeCanyon reviews, and YouTube comments have accused the developers of:

  • Refusing refunds on lifetime subscriptions
  • Failing to provide promised updates and support
  • Effectively abandoning the product, with users calling it “dead” and labeling the support team as unresponsive or “scammers”
  • A Trustpilot reviewer alleging the software “has backdoors, and creates automatic accounts on the site to publish ads after you purchase it”

These complaints mirror broader patterns seen with UltaHost regarding support quality, refund denials, and unresponsive communication.

Disclaimer: No personal legal actions or criminal allegations have been found against Elin Doughouz or Deen Doughouz individually. The concerns documented on this page relate to their companies' business practices and customer treatment.

Official ICANN Notice of Breach

Issued February 5, 2025 to UltaHost, Inc. (IANA #4331)

On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. for multiple violations of the Registrar Accreditation Agreement (RAA). UltaHost was given 21 days to cure the breach (deadline: February 26, 2025). This was one of only a very small number of such notices issued to any registrar that year.

Failure to Mitigate DNS Abuse

RAA Section 3.18.2

ICANN found that UltaHost failed to take action on reported DNS abuse. A specific example cited was the phishing domain pictetcapital-limited[.]com — impersonating a financial institution — which remained active despite reports.

Failure to Provide Abuse Records

RAA Section 3.18.4

UltaHost was required to maintain and provide records relating to abuse complaints. ICANN found they failed to comply, making it impossible to verify whether any abuse mitigation was occurring at all.

RDAP Non-Compliance

Registration Data Access Protocol

No IPv6 support and conflicting version information between their RDAP service and required specifications, making it unreliable for domain lookups and abuse investigation.

Additional Violations

Data Escrow, Contact & Policy

Additional issues with data escrow compliance, inaccurate registrar contact information, and failure to properly disclose required website policies — systemic governance failures.

Official ICANN Compliance Notice PDF

Hedlund to Doughouz — February 5, 2025

Section 3

Phishing, Malware & Abuse Stats

The numbers paint a clear picture of a hosting provider that attracts and enables malicious activity at scale.

422
Phishing Domains Reported

Filed by PhishDestroy covering 422 phishing domains registered through UltaHost, Inc. since January 2026

40/100
Fraud Risk Score

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP — ~37% of web traffic suspected potentially fraudulent

D
BBB Rating

Not accredited. 6 complaints filed, failure to respond to at least 1

Documented: Hosting Criminal Content

A public review on HostDean (December 2025) reported that UltaHost was knowingly hosting a website selling counterfeit Euro banknotes. The reviewer stated they submitted a detailed abuse report with evidence, but UltaHost “rejected my report completely” — citing the use of a Gmail address as the reason for dismissal.

Reported Customer Abuse Patterns

VPS Servers Hacked

Repeated reports of VPS servers being compromised — backdoors added, forced restarts, one customer reporting all 3 of their virtual servers were hacked. Support blames customers rather than investigating infrastructure.

100GB Data Loss — Server Deleted

A customer in Mumbai reported their server was completely deleted after two weeks of downtime, losing approximately 100GB of data including several high-traffic business websites. UltaHost denied a refund citing policy.

False DDoS Protection Claims

False advertising on DDoS protection. UltaHost later clarified they only provide “basic DDoS protection” with no specific protection for game servers — contradicting marketing claims.

Blacklisted IPs

Customers commonly report being assigned blacklisted IP addresses, causing email deliverability failures and SEO penalties — a direct consequence of sharing infrastructure with abusive clients.

Section 4

2026 Criminal Enabling Exposé: Fresh Evidence They Still Protect Scammers

Even after their ICANN breach and public criticism, UltaHost continues to shield criminals. The pattern hasn't changed — it's accelerated.

Abuse Reports Dismissed If Sent from Gmail

Reporters are told to “kick rocks” if they submit abuse complaints from a Gmail address — the exact type of non-response to abuse reports that caused their 2025 ICANN breach in the first place.

Hosted Counterfeit Currency Site — Abuse Report Rejected

UltaHost hosted peeslow[.]group — a site openly selling fake Euro banknotes. When a detailed abuse report with evidence was submitted, UltaHost rejected it completely, citing the reporter's use of a Gmail address as grounds for dismissal.

Backdoor Admin Accounts & Forced Reboots on Customer Servers

Multiple customers report discovering backdoor admin accounts and experiencing forced reboots on their VPS servers, with support allegedly re-adding malware after customers removed it. One customer lost all 3 of their virtual servers to hacking.

ICANN Breach Cure Dragged Out Until March 2026

Despite a 21-day cure deadline (February 26, 2025), the breach remediation process dragged out until March 2026 — during which time 422+ phishing domains were registered through their infrastructure, according to PhishDestroy.

Recent Victim Quotes (2025–2026)

“Kick rocks since you used a Gmail account.”

— Response to abuse report, 2025

“I got hacked multiple times… 3 virtual servers.”

— Trustpilot review, 2025

“Malware sharing company run by fraudsters and hackers.”

— Customer review, 2026

This is not oversight — this is a business model that enables fraud, defamation, and cybercrime while legitimate users lose everything. The evidence from 2025–2026 shows the same patterns ICANN cited in their breach notice, repeated and escalated.

Section 5

Performance & Reliability Crisis

Independent testing and customer reports reveal a hosting provider that consistently fails to deliver on its performance promises.

43.78%
Uptime Recorded

WebsitePlanet Independent Test (2026)

In a controlled one-month test, WebsitePlanet recorded only 43.78% uptime — the site was down for 17 consecutive days with no explanation from support. The industry standard is 99.9% uptime.

“No word from support as to when it would be back or why it went down... The day I closed the account, I still couldn't access my site via cPanel.”

— WebsitePlanet review

C–D
GTmetrix Scores

Performance scores fluctuating between C and D grades, sometimes failing to load entirely

900ms
TTFB (Time to First Byte)

Approximately 900ms recorded in testing — far above the recommended 200ms threshold

2.5s+
Loading Time Peaks

Concerning loading time peaks over 2.5 seconds despite averaging 1.1s in best conditions

“Massively Slow Servers”

Multiple HostScore reviewers report “massively slow servers” with “many errors in WordPress,” with support requests going unanswered for over 24 hours. One customer described the WordPress hosting as “by far the worst I've ever seen.”

Forced Restarts Causing Financial Loss

A VPS customer running a trading system reported forced server reboots without notification that caused “real, measurable financial losses.” The server experienced multi-hour downtime on just the second day of service.

SSL Certificate Failures for 7 Months

A US-based customer (HostDean, December 2025) reported unresolved SSL certificate problems lasting 7 months, with browsers blocking their site despite repeated support requests. The issue was never fixed.

79.2%
HostScore Overall Rating

10 negative recommendations out of 73 total — unusually high negative ratio for a hosting provider

Section 6

AI Bot Support & Deceptive Practices

Customers report being trapped in endless loops with automated responses that never resolve their issues, combined with a refund policy designed to deny claims.

UltaAI — The AI Wall

UltaHost deploys an AI assistant called “UltaAI” for customer interactions. While UltaHost claims “all our agents are human,” customers tell a different story:

  • “Just a few automatic messages from bots, clearly, no human here to help you”
  • “Chat support is mainly with AI even when it appeared they were talking with people”
  • Copy-paste responses where “nobody actually read their requests”
  • “Robotic answers and contradictions” creating endless loops

Deceptive Refund Policy

Despite prominently advertising a “30-day money-back guarantee,” the actual policy is structured to deny the vast majority of claims:

  • Annual and biennial plans excluded — despite being pre-selected as defaults
  • Purchases made with promo codes are ineligible — never disclosed at checkout
  • Cryptocurrency payments only credited to UltaHost balance, not refunded to wallet
  • Dedicated servers, VDS above $96.50, and custom software fees all excluded

Legal Threats Against Refund Seekers

A customer on WebHostingTalk reported that after requesting a refund just 4 days into service (that never worked), UltaHost responded with threats of legal action — “Lawyer, lawsuit, that kind of thing.” The customer had to contact their credit card company to force a chargeback.

Customer Suing in Multiple Jurisdictions

A Trustpilot reviewer stated they are “currently suing UltaHost in Singapore, UK and USA under false advertising and potential criminal activity,” describing the company as “a bunch of... scam companies [with] pretend names in the UK and US stealing money.”

Double-Billing & Unauthorized Charges

Customers report being charged twice for services, having payments deducted for cancelled services, and being offered only account credits instead of actual refunds — effectively trapping money inside the UltaHost ecosystem.

Unauthorized Server Modifications

A customer on HostDean (December 2025) reported that support staff “changed data on two of my servers without my permission” and “reinstalled all the XML files,” causing their configurations to break. Support then ignored follow-up questions.

Section 7

Who Uses Bulletproof Hosting?

According to CISA, Intel 471, Huntress, and Spamhaus, the types of criminals attracted to DMCA-ignored and bulletproof hosting infrastructure include:

Phishing & Spam Operators

Hosting fake login pages impersonating banks, payment processors, and government agencies to steal credentials and financial data.

Ransomware Gangs

Running command-and-control servers and leak sites for ransomware operations, extorting businesses and individuals.

Malware Distribution

Hosting trojans, spyware, banking malware, and information stealers — using the infrastructure as a delivery platform.

Defamation & Cyberstalking

Publishing false accusations, doxing victims' personal information, and running coordinated harassment campaigns with impunity.

Botnet Operations

Running command-and-control infrastructure for botnets used in DDoS attacks, spam campaigns, and credential stuffing.

Counterfeit & Financial Fraud

Hosting sites selling counterfeit currency, stolen credit card data, fake documents, and running financial scam operations.

From CISA's official guidance: “Cybercriminals use BPH infrastructure for obfuscation, command and control, malware delivery, phishing, and hosting illicit content in support of a variety of malicious cyber activities, such as ransomware, data extortion, and denial of service attacks.” — In October 2025, CISA, along with allied agencies, specifically published guidance to help combat bulletproof hosting cybercrime.

Section 8

Real Victim Stories

Behind every ignored abuse report is a real person or family whose life has been impacted. These accounts are drawn from public sources and firsthand reports.

Anonymous Victim — Businessman & Family
Identity protected | Thailand

A single troll site hosted on UltaHost published 15+ articles filled with false accusations of sex trafficking, prostitution rackets, and fraud against a businessman, his wife, and their legitimate businesses.

Despite multiple detailed abuse reports submitted over an extended period, UltaHost provided no response or removal — allowing the defamation to remain live for months, causing ongoing reputational and personal harm to the entire family.

Content Creator — Public “Scam Alert”
Publicly documented | 2026

A content creator publicly posted a “scam alert” accusing UltaHost of refusing to pay $800 owed for a completed paid review. After the review was published as agreed, UltaHost ghosted all communication.

Abuse Reporter — Criminal Content Ignored
HostDean review | December 2025

A reviewer reported an UltaHost-hosted website selling counterfeit Euro banknotes. They submitted a detailed abuse report with evidence. UltaHost “rejected my report completely” — citing that the reporter used a Gmail address as the reason for dismissal.

Business Owner — 100GB Data Destroyed
Trustpilot review | Mumbai, India

A VPS customer in Mumbai discovered their server was completely deleted after two weeks of downtime — losing approximately 100GB of data including several high-traffic business websites. UltaHost charged the customer's card right before the outage, then denied a refund citing their policy. They offered only a new server and 3 months free — but the data was gone permanently.

Trustpilot Reviewer
Verified review

“They allow known scammers to create websites that target innocent people. There is a reason they are in breach of compliance with ICANN.”

Section 9

What Customers Say

Trustpilot has removed numerous fake reviews and currently displays a “Breach of guidelines” warning on UltaHost's profile. Despite a headline 4.6/5 rating, the persistent negative themes tell a very different story.

Abuse Reports Systematically Ignored

Multiple customers and third parties report that abuse complaints — including phishing, defamation, and counterfeit goods — go unanswered or are actively rejected with excuses.

Servers Hacked, Customers Blamed

Repeated reports of VPS servers compromised with backdoors. One customer lost all 3 virtual servers. Support blames customers rather than investigating infrastructure vulnerabilities.

AI Bots & Endless Support Loops

Customers describe “robotic answers and contradictions,” copy-paste responses, and AI chatbot interactions disguised as human support — creating circular loops that never resolve issues.

Sudden Terminations & Data Loss

Accounts terminated without warning. One customer lost 100GB including business websites. Charges applied right before outages, refunds denied citing policy exclusions.

Deceptive Money-Back Guarantee

The advertised “30-day guarantee” excludes annual plans, promo codes, crypto payments, dedicated servers, and more — conditions not disclosed at checkout. Reviewers call it “structured so 99% don't qualify.”

Legal Threats Against Customers

Customers requesting legitimate refunds report receiving threats of lawsuits from UltaHost. One customer had to force a chargeback through their credit card company.

Fake Reviews Flagged by Trustpilot

Trustpilot has formally flagged UltaHost for guideline breaches and removed suspicious reviews, indicating systematic artificial inflation of ratings.

Complete Incompetence & Lack of Ethics

Reviewers describe “complete incompetence and complete lack of ethics” — from unauthorized server modifications to domain sales followed by forced upselling of “protection” services.

Inaccessible from Entire Countries

A customer reported their VPS was completely inaccessible from Iran, with support only offering a VPN as a “solution” — making the service impractical for real work.

Take Action

What You Can Do

If you've been affected by UltaHost's practices, or simply want to help hold them accountable, here are concrete steps you can take.

Report Your Experience

Your story helps build the public record. All submissions are reviewed and may be published anonymously.

All submissions are confidential. We will never share your personal information without consent.