Glossary — Technical Terms Used Across This Site

ICANN (Internet Corporation for Assigned Names and Numbers) coordinates the global domain name system. Every domain registrar — including UltaHost — must sign and follow the Registrar Accreditation Agreement (RAA) to be allowed to sell domains.

On 5 February 2025, ICANN issued a formal Notice of Breach to UltaHost for failing to comply with the RAA. This is the single most authoritative external finding on this site — it's not an opinion, it's an official regulatory action.

The RAA spells out what registrars must do. The two sections most relevant to UltaHost are:

• RAA §3.18.2: registrars must take action on reports of DNS abuse (phishing, malware, botnet command-and-control). UltaHost was cited for failing this.
• RAA §3.18.4: registrars must maintain and provide abuse records. UltaHost was cited for failing this too — they couldn't prove they were even tracking complaints.

The DMCA provides a takedown procedure: a rights-holder sends a notice, the host has 24-48 hours to act, the user can counter-notice if it's a false claim. Reputable hosts follow it.

A “DMCA Ignored” host markets itself as not followingthe DMCA process — which is UltaHost's explicit product line: “DMCA Ignored VPS”, “DMCA Ignored Dedicated”. Their blog admits the marketing pitch: “DMCA-ignored servers allow you to stream or share content that lawyers and governments believe violates copyright law.”

Note the selective application: a customer was terminated and refused a refund for criticizing someone who sent a DMCA email to UltaHost. The “DMCA Ignored” marketing only applies to customers UltaHost wants to keep.

Spamhaus's textbook definition: “DNS, web, mail or other services provided with either explicit or tacit actions not to disconnect customers who spam or engage in cybercrime.”

Characteristics: anonymous signup, cryptocurrency payment, offshore jurisdictions, DMCA ignored, slow or non-existent abuse response. CISA's 2025 guidance documents how BPH enables ransomware, phishing, malware distribution, botnet C&C, and pig butchering.

Four independent industry classifications now list UltaHost as bulletproof hosting: Bolster AI, HostAdvice, WebsitePlanet, and OnlyLoudest.

Every registrar must implement RDAP correctly so security researchers and law enforcement can look up domain registration information. UltaHost's ICANN breach included RDAP non-compliance: no IPv6 support and conflicting version information between their service and the ICANN specification.

The internet is a network of networks; each is an Autonomous System with its own number. UltaHost's AS is AS214036 (ULTAHOST-AS), assigned by RIPE NCC on 15 October 2024.

AS214036 holds 49,239 domains across 5,553 IP addresseswith 7 upstream carriers. You can look up any IP's AS at bgp.he.net or bgp.tools.

The official term for IP ranges that haven't been assigned by IANA / RIRs, or that are reserved (like 10.0.0.0/8). When a network “announces bogons” via BGP, it's either misconfigured or it's laundering traffic for someone who wants to hide.

BGP.HE.net explicitly flags UltaHost's AS214036 as “announces bogons” — a network-hygiene failure strongly associated with abuse-friendly infrastructure providers.

When a victim signs a malicious smart-contract approval (often after clicking a fake MetaMask popup on a phishing site), the drainer instantly transfers all their tokens to the attacker. Named families include Angel Drainer, Inferno Drainer, Venom Drainer, Pink Drainer, MS Drainer, Solana Drainer, Ice Phishing.

PhishDestroy has identified wallet drainer activity on UltaHost-registered domains including walletdrainer.site — a domain whose name literally advertises the crime, and which remained live on UltaHost infrastructure at the time of investigation.

The scammer builds a relationship with the victim (often via dating apps or random WhatsApp messages), then introduces a “great investment opportunity” on a fake trading platform. The platform shows fake profits to encourage more deposits. When the victim tries to withdraw, “taxes” or “fees” are demanded, then the platform vanishes.

PhishDestroy has identified multiple pig-butchering platform infrastructure domains registered through UltaHost, including valoreal-capital.com,hudsondigitalcorporation.com,wealthtech-global.com,eurobit-international.com, andbitcoretrade.com — all LIVE.

Established by ICANN and administered by bodies like WIPO, Forum (formerly NAF), and the Czech Arbitration Court. A UDRP decision forces the registrar to transfer the domain to you — UltaHost cannot ignore it. Typical cost: $1,500-$3,000 in filing fees. Typical timeline: 2 months. See For Victims for the full filing path.

A legal consumer-protection right. In the US it's codified in the Fair Credit Billing Act; in the UK it's Section 75 of the Consumer Credit Act 1974 (covering purchases £100-£30,000 on a credit card). You typically have 60-120 days from charge to dispute.

UltaHost's refund policy pre-classifies customer chargebacks as “criminal fraud” and threatens permanent termination plus full repayment — but contract language cannot override statutory consumer-protection rights.

Modern phishing impersonates banks, crypto wallets, government departments, payment processors, employers. The fake site captures your login or seed phrase and forwards it to the attacker. PhishDestroy as of April 18, 2026 has flagged 728 phishing domains registered through UltaHost, with 245 still alive and 57% still active after formal abuse reports.

Specifically defined by ICANN as the five categories above. Registrars are required (RAA §3.18.2) to take action on credible reports of DNS abuse. UltaHost was cited for failing this — that's the formal basis of the 2025 ICANN breach.

Indicators of a shell structure: minimal share capital (£10,000 or less), registered to a mass-registration address, one person filling multiple roles (director AND secretary), actual decision-maker resident in a different jurisdiction.

ULTAHOST LTD UK (Companies House 14567126) ticks every box: £10,000 capital, registered to 71-75 Shelton Street (a mass-registration London address), Elin Doughous is sole director AND sole secretary, and is resident in Izmit, Kocaeli, Turkey. UltaHost's own Terms admit operations across four jurisdictions (USA, UK, Dubai, Istanbul) — a common jurisdictional shell pattern.

On Reddit specifically: posting promotional content while pretending to be a regular user with no business relationship. A Trustpilot reviewer documented UltaHost astroturfing via u/AngeLink-Officialposting promotional content on r/digitalnomad without disclosure. Combined with up-to-70% affiliate commissions paid in crypto, this is the financial mechanism manufacturing UltaHost's polished public reputation.

Industry standard for hosting is 20-40%. UltaHost's own affiliate FAQ offers up to 70% per saleor $100-$300 flat, paid in cryptocurrency, with a 50% withdrawal cap and 45-day hold. This combination explains the bimodal review distribution (67% five-star + 24% one-star with almost nothing in between) and the Sitejabber warning that UltaHost has been “reported to offer discounts, coupons, or other compensation in exchange for reviews.”

Marketplaces traffic in stolen card numbers, CVVs, and full identity packages (name, SSN, DOB, address). They commonly use Telegram channels for coordination. HostAdvice officially lists UltaHost as a top Telegram Hosting Service — the same anonymous, crypto-paid, DMCA-ignored characteristics that make UltaHost VPS attractive to criminals also apply to their Telegram bot hosting infrastructure.

Scammers either obtain actual images (often via webcam compromise or romantic relationships) or fake claims they have them, then demand cryptocurrency payment under threat of distribution. Increasingly targets minors. The Telegram-bot hosting model that UltaHost provides is commonly used to manage sextortion operations at scale. See support resourcesif you've been targeted.

Free public record at find-and-update.company-information.service.gov.uk. Anyone can look up a UK company's registered office, directors, share capital, persons with significant control, filed accounts, and full history. This is how we documented the ULTAHOST LTD UK shell company structure.

Public-good organization that tracks phishing domains, files abuse reports with registrars and hosts, and publishes statistics. Their registrar statistics page — analyzing 342 million domains across 104 registrars — ranks UltaHost as the #3 worst registrar in the world (risk score 68/100). Their public destroylist on GitHub creates a timestamped public record of every abuse report — useful evidence for any future victim civil claim.