Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

UltaHost is a legally incorporated company, but the publicly documented evidence shows multiple practices that reasonable people would call scam-like: an official ICANN breach for failing to act on abuse reports, a BBB D rating with unresolved complaints, refund policies designed to deny most claims, threats of legal action against customers requesting refunds, and a documented $800 unpaid invoice to a content creator who completed a paid review.

UltaHost is a real, registered company with offices admitted in four jurisdictions (USA, UK, Dubai, Istanbul). However, the UK arm (ULTAHOST LTD, Companies House 14567126) is a one-person shell company with only £10,000 share capital, registered to a mass-registration London address. The Delaware entity uses a registered-agent address rather than an operational office. Whether their business practices are 'legit' is the actual question — and the documented evidence (ICANN breach, 728 phishing domains, fake reviews flagged by Trustpilot and Sitejabber) suggests serious problems.

Independent data says no. PhishDestroy ranks UltaHost as the #3 worst registrar globally out of 104 analyzed. AbuseIPDB shows individual UltaHost IPs with 132+ abuse reports from 40+ distinct sources. WebsitePlanet's independent uptime test recorded only 43.78% uptime — the site was down for 17 consecutive days. Multiple customers report VPS servers being hacked with backdoor admin accounts that returned even after support 'fixed' them.

UltaHost is run by the Doughouz family — three brothers based across multiple countries. Elin Ander Doughouz (CEO, born 1992 in Nalchik, Russia; resident in Izmit, Turkey; educated at Yeditepe University, Turkey; also known by aliases Allen Doughouz and Elin Doughous). Deen Doughouz (CTO, based in the UAE). Younes Doughouz (third co-founder identified via Crunchbase). The family operates as 'Doughouz Group' which per Crunchbase owns: ScriptSun, UltaHost, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global ('Military technology providers').

UltaHost FAQ — Is It a Scam? Is It Safe? Refunds, ICANN Breach, Bulletproof Hosting

Plain, evidenced answers to the questions people search for most often about UltaHost. Every answer links to the underlying source — either our investigation pages or the original third-party documentation (ICANN, PhishDestroy, BBB, Trustpilot, Companies House, etc.).

If your question isn't here, see our full investigations: Round 3, Round 4, Round 5, or use the contact form.

Is UltaHost a scam?

UltaHost is a legally incorporated company, but the publicly documented evidence shows multiple practices that reasonable people would call scam-like:

An official ICANN Notice of Breach (5 February 2025) for failing to act on abuse reports
BBB D rating with unresolved complaints
Refund policies structured to deny most claims: annuals, biennials, crypto, dedicated plans all excluded
Threats of legal action against customers who request refunds
Documented $800 unpaid invoice to a content creator who completed a paid review (Round 5 evidence)

See Round 3 through Round 5 investigations for full evidence.

Is UltaHost legit?

UltaHost is a real, registered company with offices admitted in four jurisdictions (USA, UK, Dubai, Istanbul) per their own Terms of Service. However:

The UK arm (ULTAHOST LTD, Companies House 14567126) is a one-person shell company with only £10,000 share capital, registered to a mass-registration London address
The Delaware entity uses a registered-agent address, not an operational office
The actual director, Elin Doughous, is Turkish and resident in Izmit, Kocaeli, Turkey

Whether their business practices are “legit” is the actual question — and the documented evidence suggests serious problems.

Is UltaHost safe?

Independent data says no:

PhishDestroy ranks UltaHost #3 worst registrar globally out of 104 analyzed (risk score 68/100)
AbuseIPDB shows individual UltaHost IPs with 132+ abuse reports from 40+ distinct sources
WebsitePlanet's independent uptime test recorded only 43.78% uptime — site down for 17 consecutive days
Multiple customers report VPS servers being hacked with backdoor admin accounts that returned even after support “fixed” them

Can I get a refund from UltaHost?

Most likely no. While UltaHost advertises a “30-day money-back guarantee”, their actual refund policy excludes:

Annual plans, biennial plans, triennials
Dedicated servers, VDS above $96.50
Admin fees, custom software fees, domain names
Promo-code purchases (not disclosed at checkout)
Cryptocurrency payments — never refundable, only credited to your UltaHost balance

Reviewers describe the policy as “structured so 99% of clients don't qualify.” The same policy contains a clause classifying chargebacks as “criminal fraud” — see our Round 5 investigation. If you need to escalate, see our For Victims guide.

What is UltaHost's ICANN breach?

On 5 February 2025, ICANN issued an official Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement:

RAA Section 3.18.2: failure to mitigate DNS abuse
RAA Section 3.18.4: failure to provide abuse records
RDAP non-compliance: no IPv6 support, conflicting version information
Additional issues with data escrow, contact info, and policy disclosures

UltaHost was given 21 days to cure the breach. The cure was not completed until March 2026 — over a year past deadline. See our full timeline.

Why is UltaHost called bulletproof hosting?

Four independent industry classifications now list UltaHost as bulletproof hosting:

Bolster AI — anti-phishing cybersecurity firm
HostAdvice — “8 Best Bulletproof Hosting Providers”
WebsitePlanet — “7 Best DMCA-Ignored Hosting”
OnlyLoudest — “Top 10 Best DMCA Ignored Hosting”

UltaHost's own marketing confirms it. They sell “DMCA Ignored VPS”, “DMCA Ignored Dedicated”, and “Anonymous VPS” products, accept cryptocurrency with no real identity required, and explicitly state in their own blog: “DMCA-ignored servers allow you to stream or share content that lawyers and governments believe violates copyright law.”

Who owns UltaHost?

UltaHost is run by the Doughouz family — three brothers based across multiple countries:

Elin Ander Doughouz — CEO, born 1992 in Nalchik, Russia. Resident in Izmit, Turkey. Educated at Yeditepe University. Also known by aliases Allen Doughouz and Elin Doughous.
Deen Doughouz — CTO, based in the UAE
Younes Doughouz — third co-founder identified via Crunchbase

The family operates as Doughouz Group which per Crunchbase owns: ScriptSun, UltaHost, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global (“Military technology providers”).

Disclaimer: No personal legal actions or criminal allegations have been found against the Doughouz brothers individually.

Where is UltaHost actually located?

UltaHost's marketing presents US (Delaware) and UK (London) offices, but both are paper addresses:

The Delaware address is a registered-agent service, not an operational office
The London address (71-75 Shelton Street, Covent Garden) is a mass-registration shell company address used by thousands of entities

The actual operational base is Turkey — the sole UK director's personal address is in Izmit, Kocaeli, and the company's confirmed phone number is Turkish (+90 555 000 0111).

UltaHost's own Terms of Service admit operations in “UltaHost Dubai, UltaHost Istanbul, UltaHost Ltd UK, and UltaHost Inc USA.”

Have UltaHost customers been hacked?

Repeatedly, yes. Documented examples:

Multiple Trustpilot reviewers report VPS servers being compromised with backdoor admin accounts and forced restarts
One customer reported all 3 of their virtual servers were hacked multiple times
A Reddit thread describes backdoors that returned even after UltaHost support “fixed” them, with support disabling the customer's Norton antivirus during the “repair”

There's no public evidence of intent by UltaHost — but the pattern is documented across multiple unrelated reports. See our Round 5 investigation for the Envato/CodeCanyon script-supply concern that may be relevant.

Why does UltaHost ignore abuse reports?

Documented gatekeeping. UltaHost rejects abuse reports based on the reporter's email provider:

One reviewer was told to “kick rocks” for using a Gmail address
Another was told via LinkedIn that “we do not investigate abuse unless I submit a trademark or court order.”
Only lawyers with trademark documents or law enforcement (24-hour response promised) are prioritized

In practice: ordinary citizens, small businesses, and Gmail users have no path to get UltaHost to act. This is precisely why criminals choose UltaHost — and exactly the pattern that triggered the 2025 ICANN breach notice.

How do I report a site hosted on UltaHost?

Start with these channels in parallel:

PhishDestroy — active investigation track record
FBI IC3 (US victims), Action Fraud (UK), your country's CERT
Browser blocklists: Google Safe Browsing, Microsoft SmartScreen
For trademark impersonation: ICANN complaint and a UDRP complaint with WIPO
If the site is behind Cloudflare: file Cloudflare abuse

Be aware: UltaHost has documented gatekeeping, so direct complaint to them is unlikely to succeed unless you can attach a trademark certificate or court order. See our For Victims guide for step-by-step.

How do I cancel UltaHost and get my money back?

If you paid by credit card and you're within 60 days of charge, your strongest path is a chargeback (Fair Credit Billing Act in the US, Section 75 Consumer Credit Act in the UK, or equivalent).

Warning: UltaHost's refund policy contains a clause classifying chargebacks as “criminal fraud” and threatens to permanently terminate service plus demand repayment “in full” — but this contract language cannot override your statutory consumer-protection rights.

If you paid by cryptocurrency, refunds are explicitly excluded — you can only get UltaHost account credit.

Safe migration order:

Back up everything (files, database dumps, DNS records)
Register at a reputable host first
Transfer DNS / point records to the new host
Then cancel UltaHost

Is my data safe on UltaHost?

Multiple documented cases say no:

One Mumbai customer lost approximately 100GB of business data when UltaHost completely deleted their VPS after two weeks of downtime, then denied a refund
Other customers report sudden account terminations “after just a few days of suspension without notice”
VPS servers being compromised with backdoor admin accounts has been reported repeatedly

Best practice for ANY hosting provider: maintain off-host backups (Cloudflare R2, AWS S3, Backblaze, or even your own laptop). For UltaHost specifically, this is essential.

Why won't UltaHost refund my cryptocurrency payment?

UltaHost's refund policy explicitly excludes cryptocurrency payments from refunds — they will only credit your UltaHost account balance instead.

This is a structural trap: you cannot exit, and to use the credit you must spend more on UltaHost.

One Helsinki customer ordered a server that was never delivered and was still refused a crypto wallet refund — instead they were given account credit for a service UltaHost admitted they could not provide. See full quote in Round 4 investigation.

Is UltaHost good for WordPress hosting?

Independent reviewers say no:

HostScore reviewers describe UltaHost's WordPress hosting as “by far the worst I've ever seen” with “massively slow servers” and “many errors in WordPress”
WebsitePlanet's test recorded 43.78% uptime over a one-month period
Multiple customers report WordPress sites being hacked with no support response

For WordPress, mainstream alternatives like SiteGround, Cloudways, or Kinsta are dramatically more reliable.

UltaHost vs Hostinger / SiteGround / Cloudways — which is better?

Any mainstream reputable alternative is better. A direct quote from a BlackHatWorld user comparing the two:

“Ultahost are more lenient with abuse complaints of a certain nature and Hostinger are very aggressive with accepting complaints and actioning them.”

Translated: if you want a hosting provider that takes abuse reports seriously, Hostinger does, UltaHost does not. SiteGround, Cloudways, and DigitalOcean all have stronger abuse responsiveness, refund policies, and customer-protection records. See our Alternatives page for full comparison.

What are good alternatives to UltaHost?

Domain registration: Cloudflare Registrar (cheapest, abuse-responsive) or Namecheap (mainstream)
VPS: Hetzner Cloud (German, GDPR-compliant, transparent), DigitalOcean (developer-friendly), or AWS Lightsail (enterprise)
Managed hosting: Cloudways (multi-cloud), Kinsta (premium WordPress), or SiteGround (mainstream)

All of these have published abuse-response policies, transparent ownership, and don't appear on PhishDestroy's worst-registrar list. See full comparison at Alternatives.

Are UltaHost's 5-star reviews fake?

Many appear to be:

Trustpilot has explicitly flagged UltaHost's profile: “We've removed a number of fake reviews for this company.”
Sitejabber displays the warning: “Ultahost has been reported to offer discounts, coupons, or other compensation in exchange for reviews.”
UltaHost operates two Trustpilot profiles (ultahost.com and ultahost.io) with a bimodal distribution (67% five-star + 24% one-star, almost nothing in between) — the mathematical signature of paid reviews mixed with genuine angry customers
UltaHost's own affiliate page confirms up to 70% commission per sale paid in cryptocurrency — vastly above the industry standard 20-40%

What is the criminal-fraud chargebacks clause in UltaHost's refund policy?

UltaHost's published refund policy contains language pre-classifying customer chargebacks as “criminal fraud”:

“In cases of blatant payment or criminal fraud chargebacks, the service will be discontinued without any opportunity for recovery. This policy is non-negotiable and enforced permanently.”

This is an intimidation mechanism, not a legal reality. Filing a legitimate chargeback for a service not delivered or for a charge you didn't authorize is not criminal fraud, and contract language cannot override consumer-protection statute (Fair Credit Billing Act in the US, Consumer Credit Act 1974 in the UK, etc.).

What does UltaHost's own abuse policy say vs what ICANN cited them for?

UltaHost's own published Abuse Handling Policy claims, verbatim:

“UltaHost... strictly adheres to Section 3.18 of the Registrar Accreditation Agreement (RAA), which mandates the timely handling of abuse reports and cooperation with relevant authorities.”

ICANN's February 5, 2025 Notice of Breach cited UltaHost specifically for failing:

RAA §3.18.2: failure to mitigate DNS abuse
RAA §3.18.4: failure to provide abuse records

The company wrote down exactly what they were supposed to do, then got formally cited for not doing it. The policy page remained live throughout the 13-month cure period. See our Timeline for the chronology.

Where can I see live evidence of UltaHost's phishing problem?

Use these independent verification sources to confirm everything we publish:

PhishDestroy registrar stats — confirms the #3 worst registrar ranking
PhishDestroy UltaHost domain list — full 728 flagged domains
AbuseIPDB — per-IP abuse reports across UltaHost's AS214036
Spamhaus Reputation Checker
abuse.ch URLhaus — malware-distribution URLs on UltaHost infrastructure
abuse.ch ThreatFox — indicators of compromise
abuse.ch Feodo Tracker — banking trojan C&C servers

UltaHost FAQ — Plain Answers to the Most-Asked Questions