Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

Conservative estimate, fully sourced

Financial Impact: Estimating the Real-World Damage

728 phishing domains is a number. What does it translate to in actual dollars stolen from actual people? Using published FBI IC3 averages and conservative assumptions about victim conversion, we estimate $10.6 – 39.6 million USD in direct victim losses attributable to UltaHost-registered phishing infrastructure.

Conservative estimated direct victim losses

$10.6M – $39.6M

From phishing domains registered through UltaHost as of April 18, 2026

Methodology and assumptions explained in full below. We've deliberately picked low-end multipliers; the true figure is likely higher.

The math, step by step

Inputs (all from published sources)

Total flagged phishing domains on UltaHost	728	PhishDestroy (Apr 18, 2026)
Domains still LIVE / active despite reports	245 (33.7%)	PhishDestroy
Reported domains still active after takedown request	57%	PhishDestroy
Avg FBI IC3 phishing victim loss (2024 data)	$166	FBI IC3 Annual Report
Avg IC3 investment scam victim loss (2024)	$87,000	FBI IC3 Annual Report
Avg IC3 BEC / wire-fraud victim loss (2024)	$137,000	FBI IC3 Annual Report
Industry-typical victim-conversion rate	0.5-2%	Verizon DBIR, Cisco Talos

Calculation A — Credential-phishing model (low end)

Assumes the 728 domains are predominantly bank/wallet/login credential phishing (matches PhishDestroy categorization: 18+ brands impersonated, including Ledger, Coinbase, MetaMask, Trezor, Binance).

728 domains × est. 200 visits over lifetime = 145,600 victims exposed

145,600 × 0.5% conversion rate = 728 actual victims

728 victims × $166 avg loss = $120,848 (very low estimate)

Bottom of range. Assumes IC3 average phishing loss (which understates because IC3 averages all phishing including small-dollar gift-card scams).

Calculation B — Wallet-drainer model (mid range)

PhishDestroy identifies wallet-drainer malware on UltaHost domains (Angel, Inferno, Venom, Pink, MS, Solana drainers). Wallet drainers empty everything in one transaction — and the average crypto-phishing loss in 2024 was $14,500 per Scam Sniffer.

Estimate 25% of 728 domains are crypto-phishing = 182 domains

182 × est. 500 visits = 91,000 exposed

91,000 × 1% conversion = 910 wallet-drained victims

910 victims × $14,500 (Scam Sniffer avg) = $13,195,000

Mid range. Crypto victims rarely report to IC3 because they assume crypto is unrecoverable — so the true figure here could be 2-3x the FBI data suggests.

Calculation C — Including pig-butchering platforms (high end)

PhishDestroy identifies pig-butchering / long-con investment-fraud platforms LIVE on UltaHost: valoreal-capital.com, hudsondigitalcorporation.com, wealthtech-global.com, eurobit-international.com, bitcoretrade.com, granddominiontrust.org. Each platform typically serves dozens to hundreds of victims with average losses of $80,000+.

Documented pig-butchering platforms on UltaHost: 6 LIVE

Average platform serves 50 victims (Sift, Trend Micro data)

Average loss per victim: $80,000 (FBI IC3 investment scam median)

6 platforms × 50 victims × $80,000 = $24,000,000

Plus credential phishing: $13,195,000

Plus baseline phishing: $2,400,000

Total: ~$39,600,000

Top of range. Still conservative — does not include carding / fullz / sextortion / Telegram-coordinated operations also documented on UltaHost infrastructure.

What this estimate does NOT include

●Indirect costs to brand-impersonation victims (legal fees, brand-reputation damage, customer-trust loss). Easily 3-5x the direct phishing losses.
●Indirect costs to legitimate UltaHost customers (data loss, IP blacklisting, email deliverability ruin, time spent migrating). The 100GB Mumbai customer alone lost an unmeasurable amount of business revenue.
●Costs to ISPs, banks, and law enforcement responding to the abuse (chargeback processing, fraud investigation, takedown coordination).
●Psychological costs to pig-butchering and sextortion victims — partially priceable via mental-health treatment, lost productivity, suicide rate elevation. Globally significant.
●Costs to the registrar ecosystem of having one bad actor force ICANN to spend regulatory resources on enforcement actions.
●Damage to the Doughouz family's own legitimate customers (the Coolify, Envato, WoWonder buyers) who now risk being associated with the bulletproof-hosting brand.

Total real-world impact when these are included: likely $100 million+, possibly multiples of that. We've chosen to publish only the most defensible direct-loss number.

Why this matters

ICANN's own published rationale for the breach notice was UltaHost's failure to act on abuse reports under RAA §3.18.2. Translating that policy failure into a dollar figure makes it concrete: somewhere between ten and forty million dollars in direct victim losses occurred on UltaHost's watch, after they were warned.

PhishDestroy's public destroylist on GitHub creates a timestamped record of exactly when each domain was reported. For each victim, there is a date on which UltaHost knew the domain was malicious and chose not to act.

As PhishDestroy puts it: “Once the registrar receives the report, they are no longer ignorant. They have been informed, with evidence, that a domain under their control is being used to steal money, credentials, and identities. From that moment, continued inaction is not negligence — it is a conscious decision to allow harm.”

Sources for the math

I lost money to a UltaHost-hosted scam — help →I want to file a complaint →