Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

Round 5 — April 29, 2026

Round 5 Investigation: The Money Trail — How UltaHost Pays For Its Reputation

April 2026 — Following the financial mechanism that sustains UltaHost's polished public image despite ICANN breach, BBB D rating, and 728 phishing domains.

5.1 The 70% Affiliate Commission Engine

All claims in this section are sourced directly from UltaHost's own published affiliate FAQ at ultahost.com/affiliates:

“We can do up to 70% per sale or a stable amount per sale such as 100 to 300$ per sale.”
— UltaHost Affiliate FAQ

“The minimum payment threshold for Crypto transfer is 500$”
— UltaHost Affiliate FAQ

“The maximum payout is 50% of your total commissions on your account if your account is active on monthly bases.”
— UltaHost Affiliate FAQ

“Only older than 45 days commissions are paid out.”
— UltaHost Affiliate FAQ

Why This Matters

●Industry standard hosting affiliate commission: 20–40%. UltaHost offers up to 70% — nearly double.
●Alternative $100–$300 flat per sale
●Cryptocurrency payouts available — same anonymity as the customer side
●50% withdrawal cap creates an affiliate-retention trap (mirrors the customer-facing crypto-balance trap)
●The Sitejabber warning (“Ultahost has been reported to offer discounts, coupons, or other compensation in exchange for reviews”) is now operationally confirmed by UltaHost's own published terms.

5.2 The $800 YouTube Smoking Gun

YouTube — Freedominhours

“Is Ultahost a Scam? They Refused to Pay Me $800 After My Product Review!”

https://www.youtube.com/watch?v=JoCGmkisSx0

●Content creator commissioned for a paid review
●Review was completed and published as agreed
●UltaHost ghosted, never paid the $800
●Public, evidenced case demonstrating the affiliate machine in practice

5.3 The Envato/CodeCanyon Backdoor Pipeline

Direct quotes from UltaHost's own Envato Hosting page:

“Ultahost beats everything, Get a free setup for any of your Envato scripts with 20X faster servers, We are the Recommended Envato Hosting provider”
— ultahost.com/envato-hosting

“Open support ticket attaching your Envato item file with your server details. Your Envato item was installed successfully by our best support team.”
— ultahost.com/envato-hosting

Direct quotes from WoWonder Trustpilot reviewers:

“These scammers have a back door in their script and hacked my site repeatedly blaming it on my host trying to get me to pay them money to use their host. TOTAL SCAMMERS! They cost me millions of dollars as they injected viruses in hundreds of my sites on my server.”
— Trustpilot, wowonder.com

“I am associated with cyber security and w9wonder guys have developed really good script I can say but on other side what they have done is created and left backdoors in script means they can access your service anytime without your permission.”
— Trustpilot, wowonder.com

“Scam site. It has backdoors, and creates automatic accounts on the site to publish ads after you purchase it for a period of time.”
— Trustpilot, wowonder.com

The Vertically-Integrated Concern

Script Supply

Doughouz family sells scripts (DoughouzForest CodeCanyon, 9,982 purchases)

Installation Service

UltaHost installs those scripts for customers (“Envato Hosting” product)

Hosting Infrastructure

Customers report the scripts contain backdoors granting remote access

We make no allegation about specific intent. We document the structural conflict of interest. The same family controls the script supply, the installation service, and the hosting infrastructure that the script runs on.

Disclaimer: No personal legal actions or criminal allegations have been found against Elin Doughouz, Deen Doughouz, or Younes Doughouz individually.

5.4 The “Criminal Fraud Chargebacks” Intimidation Clause

Direct quotes from UltaHost's own published refund policy at ultahost.com/refund:

“In cases of blatant payment or criminal fraud chargebacks, the service will be discontinued without any opportunity for recovery. This policy is non-negotiable and enforced permanently.”
— UltaHost Refund Policy

“Furthermore, all charges paid for the services purchased from Ultahost must be re-paid in full if a chargeback is filed without contacting our support team beforehand.”
— UltaHost Refund Policy

UltaHost's contract language pre-classifies legitimate consumer chargebacks as “criminal fraud”. This is a contractual intimidation mechanism designed to deter customers from exercising their consumer-protection rights.

5.5 New 2026 Customer Harm Reports

Direct attributable Trustpilot quotes (sources noted under each):

“I want to let you know that your company is extremely evil, and the malware you spread in the name of servers will eventually come back to harm you. Karma will catch up with you all someday. Very wicked people.”
— Trustpilot, ultahost.com (page 1)

“DON'T BUY FROM THEM. THEY HAVE THE WORST IPS EVER ON THEIR VPS. THEY ARE SCAM.”
— Trustpilot, ultahost.com (page 8)

“I am extremely disappointed with UltraHost's service and support. When I first joined, their team clearly assured me that I would get over 500 Mbps speed from India if I hosted my server...”
— Trustpilot, ultahost.com (page 4)

“Both support tickets I created were simply closed, even though the issues remain unresolved. The managers only refer to their terms of service, claiming they are not responsible for anything. Offering one month of free hosting for websites that still do not work sounds like a mockery.”
— Trustpilot, ultahost.com (page 1)

“I am using VPS enterprise plan. Everything was fine but from recent days we are facing lots of down time. Support team always reboot the server and say...”
— Trustpilot, ultahost.com (page 4)

“Signed up for shared windows basic hosting for my nonprofit after chatting with support to ensure that they could meet my needs. After TWO DAYS, discovered that they could not give me access to my database (something I had asked about in the chat).”
— Trustpilot, ultahost.com (page 1)

“It used to be a good company, but now it's completely abandoned! I was a loyal customer for many years. I hired a new VPS today and it still hasn't been activated. It's been more than 6 hours!”
— Trustpilot, ultahost.com (page 10)

“I would not recommend this hosting to anyone. They are already openly saying that they don't care about you and want to move to another hosting service. I do not recommend dealing with this company. It was better before.”
— Trustpilot, ultahost.com (page 1)

5.6 Independent Threat-Intelligence Sources for Verification

The point is to invite independent verification:

Platform	URL	What Researchers Can Verify
Spamhaus Reputation Checker	https://check.spamhaus.org	Real-time SBL/BCL/XBL listings for any UltaHost IP
abuse.ch URLhaus	https://urlhaus.abuse.ch/	Malware-distribution URLs on AS214036
abuse.ch ThreatFox	https://threatfox.abuse.ch/	Indicators of compromise tied to UltaHost infrastructure
abuse.ch Feodo Tracker	https://feodotracker.abuse.ch/	Banking trojan C&C servers
AbuseIPDB	https://www.abuseipdb.com/	Per-IP abuse reports across UltaHost's AS214036

“Bulletproof hosting: DNS, web, mail or other services provided with either explicit or tacit actions not to disconnect customers who spam or engage in cybercrime.”
— Spamhaus, SBL listing criteria definition

This is Spamhaus's textbook behavioural definition. UltaHost's documented gatekeeping of abuse reports (Gmail-doesn't-count, no-trademark-no-action) exactly matches “tacit actions not to disconnect customers who spam or engage in cybercrime.”

5.7 G2 Review Sentiment Analysis

UltaHost markets a 4.9-star G2 score from “350+ Reviews” prominently on its affiliate page. The G2 page itself, however, exposes negative signals:

Negative Theme	Mentions
Hohe Kosten (High costs)	57
Teuer (Expensive)	53
Technische Probleme (Technical issues)	51
Preisprobleme (Pricing issues)	47
Hohe Preise (High prices)	43

These are German-language customer complaints, suggesting significant European customer dissatisfaction obscured by the headline rating.

Source: g2.com/products/ultahost/reviews

5.8 Telegram Hosting and the Criminal-Use-Case Map

UltaHost is officially listed by HostAdvice as a top Telegram Hosting Service. Telegram channel hosting is heavily used by:

● Carding / stolen credit card markets

● Wallet drainer operator coordination

● Sextortion / pig butchering scam ring management

● Counterfeit goods marketplaces (echoing the peeslow.group case)

● Phishing-as-a-service operators distributing kits to affiliates

UltaHost provides Telegram bot hosting infrastructure with the same anonymous, crypto-paid, DMCA-ignored characteristics that make their general VPS attractive to criminal customers.

Source: hostadvice.com/telegram-hosting/

5.9 Updated Dodgy-Domain Inventory

New criminal-use-case categories beyond what's already on the site:

Government Benefit Scheme Impersonation

jandhanyojna.orgimpersonates India's Pradhan Mantri Jan Dhan Yojana government banking scheme — targets vulnerable unbanked populations

maxdeptgov.com / masdeptgov.comUS federal department impersonation, likely targeting senior citizens

Pig Butchering / Long-Con Investment Fraud Infrastructure

valoreal-capital.comLive

hudsondigitalcorporation.comLive

wealthtech-global.comLive

eurobit-international.comLive

bitcoretrade.comLive

granddominiontrust.org

Bank Impersonation

bcvbk.comLive

webchasesavings.comLive

virtabanks.netLive

fnbux.comLive

versatilebk.comLive

equityccu.comLive

Wallet Drainer Marketing

walletdrainer.siteLIVE — domain literally advertises the crime

Brand-Name Impersonation (VirusTotal-confirmed)

ledger-protect.xyz

trezor.io-suite.org

coinbasepromotionclaims.comLive

meta-compliance.com

metamaskusdt.com

tether-claim.com

Token Presale / Fake ICO

kalshipresale.xyzLive

edgenpresale.xyzLive

rialotoken.xyzLive

Airdrop Scams

monadairdrops.xyzLive

zentryairdrop.xyzLive

zkverifyairdrop.xyzLive

d3airdrop.xyzLive

archnetworkairdrop.xyzLive

billionsairdrop.xyzLive

5.10 Editor's Conclusion

Across five rounds of investigation, the evidence base has now shifted from “UltaHost has problems” to “UltaHost is structurally configured to monetise abuse while financially manufacturing the public reputation that conceals it.”

The structural facts now established with public sourcing:

The supply side:

The Doughouz family operates a four-jurisdiction shell network (UK, US, Dubai, Istanbul), sells PHP scripts repeatedly accused of containing backdoors, and operates a dedicated hosting service that installs those scripts for customers.

The demand side:

UltaHost openly markets DMCA-ignored, anonymous, crypto-paid hosting and is independently classified as bulletproof by Bolster AI, HostAdvice, WebsitePlanet, OnlyLoudest, and the BlackHatWorld criminal community.

The compliance theatre:

An ICANN breach for failing to act on abuse reports — issued within months of UltaHost becoming a registrar with literally zero legitimate .com registrations — was eventually “cured” only after dragging the cure period from February 2025 to March 2026.

The reputation laundromat:

Up to 70% commissions paid in cryptocurrency, dual Trustpilot profiles, Sitejabber-flagged compensation-for-reviews, Reddit astroturfing under shill accounts, and threats of lawsuits against critics — combine to produce an artificial 4.9-star image that does not survive contact with PhishDestroy, ICANN, BBB, or VirusTotal.

The customer-facing extraction model:

A refund policy that pre-classifies chargebacks as “criminal fraud,” $117 hidden upcharges for basic functionality, crypto payments that can never be refunded only “credited,” and management who weaponise the TOS as a one-way liability shield.

This is not a hosting company that has incidentally attracted bad actors. This is a hosting company whose business model, marketing posture, contract architecture, financial flows, and ownership structure are all consistent with a single thesis: maximising revenue from the criminal-infrastructure market while extracting the maximum possible margin from legitimate customers caught in the same net.

The 245 UltaHost-registered phishing domains that remain live as of April 18, 2026 are not a technical oversight. They are the product.

Round 5 Sources

UltaHost Affiliate Program (70% commission self-disclosure) → https://ultahost.com/affiliates UltaHost Refund Policy ("criminal fraud chargebacks" clause) → https://ultahost.com/refund UltaHost Envato Hosting (script-install service) → https://ultahost.com/envato-hosting YouTube scam-alert video ($800 unpaid) → https://www.youtube.com/watch?v=JoCGmkisSx0 Affiliate.watch profile → https://affiliate.watch/affiliate/ultahost HostAdvice Telegram Hosting → https://hostadvice.com/telegram-hosting/G2 UltaHost reviews → https://www.g2.com/products/ultahost/reviews Spamhaus Reputation Checker → https://check.spamhaus.org abuse.ch URLhaus → https://urlhaus.abuse.ch/abuse.ch ThreatFox → https://threatfox.abuse.ch/abuse.ch Feodo Tracker → https://feodotracker.abuse.ch/AbuseIPDB → https://www.abuseipdb.com/DoughouzForest CodeCanyon (9,982 purchases) → https://themeforest.net/user/doughouzforest WoWonder Trustpilot (backdoor reports) → https://www.trustpilot.com/review/wowonder.com Trustpilot ultahost.com page 1 → https://www.trustpilot.com/review/ultahost.com

Compiled April 29, 2026. All information publicly sourced for accountability journalism purposes.