Did UltaHost receive an official ICANN breach notice?

Yes. On February 5, 2025, ICANN issued a formal Notice of Breach to UltaHost, Inc. (IANA #4331) for violations of the Registrar Accreditation Agreement, including failure to mitigate DNS abuse (Section 3.18.2) and failure to provide abuse records (Section 3.18.4).

How many phishing domains have been reported on UltaHost?

As of April 2026, PhishDestroy has flagged 728 phishing domains registered through UltaHost, Inc. with 433 formal abuse reports filed. 245 domains (33.7%) remain alive, and 57% of reported phishing domains remain active despite formal complaints. 98.4% were confirmed malicious by VirusTotal.

What is UltaHost's BBB rating?

UltaHost has a D rating from the Better Business Bureau (BBB). They are not accredited. 6 complaints have been filed, with failure to respond to at least 1.

What uptime has been recorded for UltaHost?

WebsitePlanet's independent 2026 test recorded only 43.78% uptime over one month, with the site down for 17 consecutive days. The industry standard is 99.9% uptime.

Who founded UltaHost?

UltaHost was founded by brothers Elin Doughouz (CEO) and Deen Doughouz (CTO), who also founded ScriptSun Ltd, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global through Doughouz Group Ltd.

Does UltaHost offer DMCA ignored hosting?

Yes. UltaHost actively markets DMCA Ignored VPS, DMCA Ignored Dedicated servers, and Anonymous VPS products through offshore data centers in the Netherlands and Luxembourg. Their website states 'complete freedom of material' and notes it is 'possible to violate the laws, rules, or cultural norms of one or more countries.'

What is UltaHost's fraud risk score?

Scamalytics rates UltaHost, Inc. as a medium fraud risk ISP with a score of 40/100, meaning approximately 37% of web traffic from their infrastructure is suspected to be potentially fraudulent.

Full chronology

UltaHost Timeline: 2018 Istanbul Founding to 2026 #3 Worst Registrar Globally

Every documented date in the UltaHost story, in chronological order. From Istanbul founding to the ICANN breach to the 728 phishing domains live as of April 2026.

2018Background

Doughouz family founds operations in Istanbul, Turkey

Elin Ander Doughouz and brother Deen Doughouz (later joined by third brother Younes Doughouz) begin running tech ventures from Turkey. Their parent entity, Doughouz Group, will later operate ScriptSun, WoWonder, PlayTube, DeepSound, PixelPhoto, and Wolvor Global “Military technology providers.”

2021Background

UltaHost Inc. incorporates in Delaware, USA

Registered to 651 N Broad St Suite 206 — a mass-corporate-services registered-agent address, not an operational office. The Delaware entity establishes the US-facing veneer of the operation.

3 Jan 2023Warning

ULTAHOST LTD UK incorporated as a £10,000 shell company

Companies House registration No. 14567126:

● Registered office: 71-75 Shelton Street, Covent Garden, London — mass-registration address used by thousands of shell companies
● Sole director AND sole secretary: Elin Doughous (Turkish nationality, resident in Izmit, Kocaeli, Turkey)
● Share capital: £10,000 (minimal)
● 75%+ ownership and voting rights held by single individual

Source: UK Companies House — Company 14567126

Sept 2024Background

UltaHost signs ICANN Registrar Accreditation Agreement

Assigned IANA registrar ID #4331. UltaHost is now contractually obligated to follow ICANN's Registrar Accreditation Agreement (RAA) including Sections 3.18.2 (mitigate DNS abuse) and 3.18.4 (provide abuse records).

15 Oct 2024Background

RIPE NCC assigns Autonomous System AS214036 to UltaHost

UltaHost now operates its own AS (ULTAHOST-AS) — 49,239 domains across 5,553 IP addresseswith 7 upstream carriers. BGP.HE.net later reports the AS “announces bogons” — invalid IP ranges associated with abuse-friendly infrastructure.

End of Oct 2024Critical

UltaHost has ZERO .com domain registrations

DomainNameWire reports: “Ultahost signed its accreditation agreement in September and was assigned IANA#4331. As of the end of October, it had no .com registrations.” Their entire registrar business launched with zero legitimate .com customers — suggesting the registrar accreditation was sought to attract abuse-friendly business from the outset.

Source: DomainNameWire (Feb 5, 2025)

5 Feb 2025Critical

ICANN issues official Notice of Breach to UltaHost

ICANN's compliance division issues a formal Notice of Breach to UltaHost (IANA #4331) for violations of the Registrar Accreditation Agreement:

● RAA §3.18.2: failure to mitigate DNS abuse
● RAA §3.18.4: failure to provide abuse records
● RDAP non-compliance: no IPv6, conflicting version info
● Data escrow, contact info, and policy disclosure failures

UltaHost is given 21 days to cure the breach (deadline: 26 February 2025). This is one of only a very small number of such notices issued to any registrar in 2025.

Source: ICANN Compliance Notice PDF

26 Feb 2025Critical

ICANN cure deadline passes — UltaHost has NOT cured the breach

The 21-day cure period expires. UltaHost has not demonstrated compliance. The breach remains active. ICANN's next escalation steps could include suspension or termination of registrar accreditation, but ICANN chooses to allow more time.

Jan 2026Warning

PhishDestroy begins systematic flagging of UltaHost phishing domains

Independent anti-phishing organization PhishDestroy begins filing formal abuse reports on domains registered through UltaHost. By the end of February 2026, the count reaches 422 flagged phishing domains. The majority remain live after reports.

Source: PhishDestroy registrar stats

March 2026Warning

ICANN breach "cure" finally completed — over a year past deadline

After more than 13 months past the official cure deadline, UltaHost is recorded as having cured the February 2025 breach. During the unresolved period, hundreds of additional phishing domains were registered through UltaHost infrastructure.

April 2026Critical

Industry directories openly classify UltaHost as bulletproof hosting

Four independent classifications now name UltaHost as bulletproof hosting:

● Bolster AI — anti-phishing cybersecurity firm
● HostAdvice — “8 Best Bulletproof Hosting Providers” (calls UltaHost “the best”)
● WebsitePlanet — “7 Best DMCA-Ignored Hosting”
● OnlyLoudest — UltaHost ranked #2

April 18, 2026Critical

PhishDestroy data: 728 flagged domains, 245 still alive, #3 worst registrar globally

PhishDestroy's analysis of 342 million domains across 104 registrars ranks UltaHost the #3 worst registrar in the world (risk score 68/100):

● 728 flagged phishing domains (up from 422)
● 433 formal abuse reports filed
● 245 domains still alive (33.7% alive rate)
● 57% of reported domains remain active after formal complaints
● 98.4% confirmed malicious by VirusTotal

Source: PhishDestroy registrar stats

April 29, 2026Critical

UltaHostAbuse.com publishes Round 5 "Money Trail" investigation

Round 5 documents the financial mechanism sustaining UltaHost: 70% affiliate commissions (industry standard 20-40%) paid in cryptocurrency; an Envato/CodeCanyon backdoor pipeline run by the same Doughouz family; a refund policy that pre-classifies chargebacks as “criminal fraud”; and HostAdvice openly listing UltaHost as a top Telegram Hosting service used by carding, wallet drainers, and pig-butchering ring management.

Source: Round 5 Investigation

The story in one sentence

A Turkish family operating from Istanbul incorporates shell companies in Delaware and the UK, signs up as an ICANN registrar in September 2024 with zero legitimate .com customers, gets cited by ICANN within months for failing to act on abuse reports, drags the cure out for over a year, and by April 2026 has been ranked the #3 worst registrar globally by PhishDestroy — with 728 phishing domains flagged, 245 still live, and four independent industry directories now openly classifying them as “bulletproof hosting.”