0/100

low Risk

ultimatesewingchair.com

https://ultimatesewingchair.com/

66.29.132.135 · Namecheap, Inc.

Location

Los Angeles, United States

Domain Age

902 days

HTTP

200 · 27.7s

SSL

Valid· Sectigo Public Server Authentication CA DV R36, Sectigo Limited, GB

Status

COMPLETED

Visual Evidence

Zoom

Title: "Ultimate Sewing Chair - Ergonomic Chairs Designed For Sewing"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Ultimate Sewing Chair

Vendors

30/31

Status

partial

✓ yandex✓ apple✓ avast✓ bitdefender✓ brightcloud✓ avg✓ eset✓ drweb✓ microsoft✗ norton✓ polyswarm✓ sophos✓ apwg✓ openphish✓ urlquery✓ isitphish✓ cisa✓ urlscan✓ netcraft✓ spamhaus✓ phishtank✓ chainpatrol✓ emsisoft✓ phishreport✓ virustotal✓ urlabuse✓ threatyeti✓ mcafee✓ kaspersky✓ fortiguard✓ google

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Ultimate Sewing Chair

Unknown

finance | technology | ecommerce | government | other · 6/3/2026

Summary

The page presents branding for Ultimate Sewing Chair with IRS impersonation signals in the domain intelligence. The page title references IRS, which is inconsistent with the domain ultimatesewingchair.com and suggests impersonation. Technical signals show SPA-like behavior with numerous external scripts and analytics calls, but there is no direct credential harvesting form detected in static HTML. Visual cues in the screenshot indicate a branded chair site, not an official IRS site; however, the domain appears legitimate for Ultimate Sewing Chair, while the page title impersonates a government agency. Overall, evidence supports impersonation signals rather than a clear credential phishing flow on the observed surface, but the site’s SPA nature and external assets warrant caution. Analyst flagged likely cloaking/evasion behavior for this target. Analyst context noted: Website is manipulating Google and cloaking with Turkish IP to show betting information with pshishing details Analyst note: this target may cloak content or block scanners.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://region1.google-analytics.com/g/collect?v=2&tid=G-WGC568R7ZM&gtm=45Pe6581v9217373730za200zd9217373730&_p=1778586904647&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&gdid=dZTNiMT&are=1&cid=1424614758.1778586905&frm=0&pscdl=noapi&rcb=11&sr=1280x720&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CHeadlessChrome%3B145.0.7632.6%7CChromium%3B145.0.7632.6&uam=&uamb=0&uap=Windows&uapv=10.0&uaw=0&ul=en-us&_s=1&tag_exp=0~115938465~115938468~118463262&sid=1778586904&sct=1&seg=0&dl=https%3A%2F%2Fultimatesewingchair.com%2F&dt=Ultimate%20Sewing%20Chair%20-%20Ergonomic%20Chairs%20Designed%20For%20Sewing&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4805.

▸Distinctive asset clues: jquery.min.js, jquery-migrate.min.js, frontend.min.css, post-298.css, Color-logo-no-background.png, Ridgecrest-Meadow.png.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 121

Hosts: 6

Domains: 6

Observed Signals (1)

Impersonation signal via page title referencing IRS on a non-official domain

Observed Indicators (1)

▸Page title impersonating IRS

Risk AssessmentUsed in abuse reports

The domain presents clear impersonation signals via the page title referencing IRS on a non-official domain, which is a phishing-like tactic aimed at impersonation. While the current HTML lacks a static login form, the SPA nature with many external scripts and potential credential capture logic in JS warrants suspicion. Given the impersonation cue and the site's behavior of loading analytics and third-party scripts, the page should be monitored for credential harvesting or malware delivery via dynamic forms. Therefore, escalate for abuse review and continued monitoring; block or suspend only if corroborated by credential theft indicators or detectable abuse payloads. Analyst-reported cloaking/evasion suspicion increases confidence that the operator is actively attempting to evade automated security analysis. Analyst context was provided and corroborated during this assessment (Website is manipulating Google and cloaking with Turkish IP to show betting information with pshishing details Analyst note: this target may cloak content or block scanners.).

Recommended Action

Monitor

Cross-Reference9

URL Intelligence