Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

Ready-to-send complaint templates

Take Action: 7 Complaint Templates

Copy, fill in the bracketed details, and send. Each template targets a different authority with jurisdiction over a different aspect of UltaHost's operations. The more parallel complaints filed, the harder UltaHost is to ignore.

Template 1

ICANN Compliance (highest impact)

Why file

UltaHost is already under ICANN scrutiny after the February 2025 Notice of Breach. Additional complaints strengthen the case for further enforcement (suspension or termination of registrar accreditation).

Who should file

Anyone affected by a phishing, malware, defamation, or brand-impersonation site registered through UltaHost. You do not need to be a UltaHost customer.

Suggested subject line

Continued RAA §3.18.2 non-compliance: UltaHost, Inc. (IANA #4331) failure to act on DNS abuse report

Dear ICANN Contractual Compliance,

I am filing a complaint regarding registrar UltaHost, Inc. (IANA #4331) for continued failure to comply with RAA Section 3.18.2 (mitigation of DNS abuse).

Domain at issue: [DOMAIN.COM]
Date abuse report submitted to UltaHost: [DATE]
Method of submission: [u-abuse@ultahost.com / web form / LinkedIn]
UltaHost response: [No response / Rejected / Demanded trademark / Demanded court order / Other]
Nature of abuse: [Phishing impersonating BANK_NAME / Malware distribution / Brand impersonation of MY_TRADEMARK / Defamation / Other]
Supporting evidence attached: [VirusTotal score, screenshots, archive.org links]

UltaHost was issued a Notice of Breach on 5 February 2025 for failure to act on abuse reports. The pattern documented in my case is identical to the conduct that triggered that notice.

I request that ICANN open an investigation and consider further enforcement action.

Sincerely,
[YOUR NAME]
[YOUR EMAIL]
[DATE]

Open ICANN filing form

Template 2

Better Business Bureau (US)

Why file

UltaHost currently holds a D rating with unresolved complaints. BBB complaints become public, damaging UltaHost's search reputation and creating a public-record trail.

Who should file

Customers who paid money to UltaHost and received service that did not match the advertised terms (refunds denied, server not delivered, data destroyed, crypto trapped, etc.).

Suggested subject line

Service not as advertised; refund refused by UltaHost (Delaware Inc.)

BBB Complaint against UltaHost, Inc. (Delaware)

Date of transaction: [DATE]
Amount paid: $[AMOUNT]
Payment method: [Credit card / Cryptocurrency / PayPal]
Service ordered: [VPS in Helsinki / Annual hosting / Dedicated server / etc.]

Description of issue:
[Describe what UltaHost advertised, what they actually delivered or failed to deliver, what attempts you made to resolve the issue, and what response (or lack thereof) you received.]

Resolution requested:
[Full refund to original payment method / Restoration of service / Public correction of advertised terms]

Supporting documentation attached:
- Order confirmation
- Receipt of payment
- Support ticket transcripts
- Screenshots of advertised terms vs delivered service

Sincerely,
[YOUR NAME]
[YOUR EMAIL]
[DATE]

Open Better filing form

Template 3

FTC (US) ReportFraud

Why file

The US Federal Trade Commission tracks deceptive business practices for both individual remedy and pattern-of-conduct enforcement actions. Patterns of identical complaints can trigger broader investigation.

Who should file

Any US consumer who experienced deceptive business practices by UltaHost: false advertising, hidden upcharges, refund-policy backdating, etc.

Suggested subject line

Deceptive trade practices by UltaHost, Inc. (Delaware)

FTC Report regarding UltaHost, Inc.

Specific deceptive practices observed:
1. Advertised "30-day money-back guarantee" while refund policy excludes annual plans, biennial plans, dedicated servers, crypto payments, and promo-code purchases — none of which is disclosed at checkout.
2. Refund policy backdating: UltaHost has been documented updating their refund policy to add new exclusions WITHOUT updating the "Last Revised" date (currently still shows 4/1/2021).
3. Advertised "full-featured VPS" but PTR records and Port 25 are locked behind a $117 minimum upcharge not disclosed before purchase.
4. Refund policy contains clause classifying customer chargebacks as "criminal fraud" — a contractual intimidation mechanism designed to deter exercise of statutory consumer-protection rights.

[Add your specific experience]

[YOUR NAME] / [YOUR EMAIL] / [DATE]

Open FTC filing form

Template 4

UK Action Fraud / Trading Standards

Why file

UltaHost operates ULTAHOST LTD UK (Companies House 14567126) — a UK-registered entity. UK Trading Standards and Action Fraud have jurisdiction over deceptive practices affecting UK consumers.

Who should file

Any UK consumer who experienced deceptive business practices by UltaHost.

Suggested subject line

Consumer Protection Act violation by ULTAHOST LTD (UK Co. 14567126)

Action Fraud / Trading Standards Report

UK Entity: ULTAHOST LTD (Companies House registration 14567126)
Registered address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
Sole Director: Elin Doughous (Turkish nationality, resident Izmit, Turkey)

Issue:
[Describe what you ordered, what was advertised, what was delivered (or not), and the financial loss]

Statutory framework potentially violated:
- Consumer Rights Act 2015 (Section 50 — services must be performed with reasonable care and skill)
- Consumer Protection from Unfair Trading Regulations 2008 (Regulation 5 — misleading actions)
- Consumer Contracts Regulations 2013 (cancellation rights)

[YOUR NAME] / [YOUR EMAIL] / [DATE]

Open UK filing form

Template 5

UK Companies House (shell-company concerns)

Why file

ULTAHOST LTD UK is structured as a £10,000 one-person shell company at a mass-registration address. UK Companies House does not investigate company conduct directly, but reporting concerns may flow to HMRC, Insolvency Service, or the Economic Crime team.

Who should file

Anyone with concerns about the shell-company structure, particularly UK lawyers, journalists, or consumer-protection bodies.

Suggested subject line

Concern about ULTAHOST LTD (Co. 14567126) — shell structure operating multimillion-dollar fraud-enabling service

Concern reported to UK Companies House / HMRC Economic Crime

Company: ULTAHOST LTD
Registration: 14567126
Registered office: 71-75 Shelton Street, Covent Garden, London (mass-registration address)
Director and Secretary: Elin Doughous (Turkish nationality, Turkey residence)
Share capital: £10,000

Concern:
This UK entity is structurally a £10,000 one-person shell, but is part of an international operation generating multimillion-dollar revenue. The same family operates branded entities in Delaware (USA), Dubai, and Istanbul per UltaHost's own published Terms of Service. The operational reality of an internet hosting business with 49,239 domains across 5,553 IP addresses (AS214036) does not align with the filed UK accounts of a £10,000-capital shell.

The associated brand (UltaHost) is publicly under ICANN Notice of Breach (5 February 2025) for failure to act on abuse reports, and ranks #3 worst registrar globally per PhishDestroy (April 2026). It is reasonable to ask whether the UK entity is being used as a jurisdictional veneer for purposes including but not limited to: tax minimization, liability arbitrage, and customer-facing UK-presence claims that the actual operations do not support.

I do not allege specific wrongdoing by Mr. Doughous personally; I report a structural concern that may warrant onward referral to HMRC, the Insolvency Service, or the National Crime Agency's Economic Crime team.

[YOUR NAME] / [YOUR EMAIL] / [DATE]

Open UK filing form

Template 6

RIPE NCC (bogon announcement)

Why file

UltaHost's AS214036 is documented at bgp.he.net as 'announces bogons' — invalid IP ranges that legitimate networks should never advertise. This is a violation of RIPE NCC network-hygiene policy.

Who should file

Network operators, security researchers, and ISPs who have observed UltaHost AS214036 announcing bogon prefixes.

Suggested subject line

AS214036 (ULTAHOST-AS) — bogon announcement, possible RIPE policy violation

RIPE NCC report regarding AS214036

AS: AS214036 (ULTAHOST-AS)
Holder: UltaHost, Inc.
Allocated: 15 October 2024

Observation:
BGP.HE.net flags AS214036 as "announces bogons" — invalid or unassigned IP ranges that legitimate networks should not advertise. This is a network-hygiene failure with no legitimate operational use case. It is correlated in practice with abuse-friendly infrastructure providers.

UltaHost has already been issued an ICANN Notice of Breach (5 February 2025) for failure to act on DNS abuse reports under RAA §3.18.2.

I request that RIPE NCC review AS214036's announcements and consider whether further enforcement action is warranted under RIPE's network operations and abuse policies.

[YOUR NAME] / [YOUR EMAIL] / [DATE]

Open RIPE filing form

Template 7

Envato / CodeCanyon abuse (DoughouzForest seller)

Why file

The Doughouz family operates the DoughouzForest CodeCanyon brand (9,982 purchases). WoWonder Trustpilot reviewers repeatedly allege the scripts contain backdoors. Envato has discretion to suspend sellers based on customer-reported safety concerns.

Who should file

Anyone who purchased a DoughouzForest script (WoWonder, PlayTube, DeepSound, PixelPhoto) and has security concerns; cybersecurity researchers.

Suggested subject line

Reported backdoors in DoughouzForest scripts — seller suspension request

Envato Support — Marketplace Abuse Report

Seller: DoughouzForest (themeforest.net/user/doughouzforest)
Related products: WoWonder, PlayTube, DeepSound, PixelPhoto
Purchase volume: 9,982+

Concern:
Multiple verified Trustpilot reviewers of WoWonder allege the scripts contain backdoors:

  "These scammers have a back door in their script and hacked my site repeatedly... TOTAL SCAMMERS!"
  "I am associated with cyber security and w9wonder guys have... created and left backdoors in script means they can access your service anytime without your permission."
  "Scam site. It has backdoors, and creates automatic accounts on the site to publish ads after you purchase it for a period of time."

(Source: https://www.trustpilot.com/review/wowonder.com)

The same Doughouz family operates UltaHost, a hosting company under ICANN Notice of Breach (5 February 2025). UltaHost's "Envato Hosting" product specifically offers free installation of Envato scripts, creating a vertically-integrated structural conflict of interest: the family supplies the scripts, installs them on customer servers, and hosts them.

I request that Envato investigate the backdoor allegations and consider suspending the DoughouzForest seller account pending an independent security audit.

[YOUR NAME] / [YOUR EMAIL] / [DATE]

Open Envato filing form

Why parallel filing matters

UltaHost's structural defense is jurisdictional shell-game. A single complaint to a single authority can be deflected. Parallel complaints across ICANN, BBB, FTC, UK Action Fraud, Companies House, RIPE NCC, and Envato hit every layer of their operation simultaneously and cannot all be dismissed.

You don't need to be a lawyer. Each authority has a public filing form linked in the template above. Total time per filing: 15-30 minutes. The cumulative effect across thousands of victims is what enforcement bodies act on.

I'm a victim — full recovery guide → See documented victim cases →