Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

Live phishing gallery

Live Phishing Tracker: 245 UltaHost Domains Still Active

A categorized snapshot of phishing domains registered through UltaHost as of April 18, 2026. 245 of 728 flagged domains remain live — a 33.7% alive rate. 57% of formally reported domains still serve victims despite abuse reports being filed.

Last verified: May 17, 2026 against PhishDestroy registrar stats. We re-check monthly. For the full current list, see PhishDestroy's live UltaHost domain page.

728

Flagged domains

245

Still LIVE (33.7%)

57%

Active after report

98.4%

VirusTotal-confirmed

How to read this page: Each card shows a phishing domain registered through UltaHost. LIVE means the domain was reachable at last verification. VT is the VirusTotal threat score from 70+ antivirus engines. A score of 5+ is high confidence; 15+ is overwhelming consensus.

Bank Impersonation (LIVE)

webchasesavings.com

LiveVT 12

bcvbk.com

LiveVT 9

virtabanks.net

LiveVT 8

fnbux.com

LiveVT 7

versatilebk.com

LiveVT 7

equityccu.com

LiveVT 6

ubsnovus.com

VT 19

firstmidwestsbank.com

VT 16

Web3 / Crypto Wallet Phishing (Drainer Sites)

metamaskusdt.com

VT 16

trezor.io-suite.org

VT 16

tether-claim.com

VT 11

trustwalletconnect.net

VT 10

vortewallet.com

LiveVT 8

shieldweb3ledge.com

LiveVT 7

authsecureuser.net

LiveVT 6

ledger-protect.xyz

walletdrainer.site

LiveVT 15

Pig Butchering / Investment Fraud (LIVE)

valoreal-capital.com

LiveVT 9

hudsondigitalcorporation.com

LiveVT 8

wealthtech-global.com

LiveVT 7

eurobit-international.com

LiveVT 7

bitcoretrade.com

LiveVT 6

tenderlytradepro.com

VT 8

granddominiontrust.org

Airdrop Scams (Fake Crypto Giveaways, LIVE)

monadairdrops.xyz

Live

zentryairdrop.xyz

Live

zkverifyairdrop.xyz

Live

d3airdrop.xyz

Live

archnetworkairdrop.xyz

Live

billionsairdrop.xyz

Live

raylsairdrop.xyz

Live

Token Presale Scams (Fake ICO, LIVE)

kalshipresale.xyz

Live

edgenpresale.xyz

Live

rialotoken.xyz

Live

Government Impersonation

jandhanyojna.org

maxdeptgov.com

masdeptgov.com

Trading Platform Fraud (LIVE)

elontrade-firm.com

Live

foxminingwayoption.com

Live

bara-ai.com

Live

24robinhoodtradingoption.com

Wallet-drainer malware families detected on UltaHost domains

Counts are system-wide PhishDestroy detections. Each represents an automated tool that empties a victim's crypto wallet in one transaction:

Angel Drainer (4,379)Solana Drainer (2,121)Wallet Connect Abuse (1,668)Ice Phishing (42)Inferno Drainer (41)MS Drainer (1+)Pink Drainer (1+)Venom Drainer (1+)

Brands most heavily impersonated

At least 18 major brand names appear in phishing domains registered through UltaHost:

BaseLedgerCoinbaseAcrossSolanaKrakenGoogleEthereumOKXMetaMaskTrezorAaveBinanceSushiSwapFacebookTrust WalletBitcoinWalletConnect

The domain that says the quiet part out loud: walletdrainer.site— registered through UltaHost, with the literal crime in the domain name itself, still LIVE as of April 18, 2026. UltaHost's abuse-gatekeeping pattern (Gmail reporters dismissed, trademark required) means a domain whose entire reason for existing is to drain wallets remains operational because no one with appropriate legal credentials has reported it.

Verify these are still live yourself

Pick any domain above. Check its current status across these independent sources:

● PhishDestroy UltaHost domain page — full live list, click any domain for the full report
● VirusTotal — paste the domain to see its current threat score
● AbuseIPDB — paste the resolved IP to see per-IP abuse reports
● abuse.ch URLhaus — search the domain to see malware-distribution history
● Spamhaus Reputation Checker — check whether the IP is on the SBL/BCL/XBL
● Google Safe Browsing reporter — also a way to file a takedown

Important: do NOT visit these domains in your normal browser. They are live malware. Use a sandboxed environment (browser isolation service, dedicated VM, or just read the screenshots on PhishDestroy).

I was scammed by one of these — help →File complaints →