Well, they arent mitigating vulnerabilities on their domain.
web01.pwccmarketplace.com has 1.5 pages of apache vulnerabilities
They are hosting some things in AWS (cloud)
This website is the xml for about 1000 card url's (The Jeter PSA 10 youre looking for isnt in the list)
https://s3-us-west-2.amazonaws.com/pwccauctions/
every line that looks like this: <Key>2015/2015_1/1000_10_1.jpg</Key> is an image, you can append the contents of <key> to the end of
https://s3-us-west-2.amazonaws.com/pwccauctions/ to get the image.
example:
https://s3-us-west-2.amazonaws.com/p.../1000_10_4.jpg
What I find interesting is some of the <key> tags are missing a file.
EDIT: THIS appears to be the filename of the Jeter PSA 10, and no surprise.. its broken.
<Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
<Key>2018/2018_4/382_0418A5_1.jpg</Key>
<RequestId>24871BB5EF06FE34</RequestId>
<HostId>
Alo2KhVR3SKIhjaeSm3JZPzTvI+b7Uz2flBz5Te3toTMtUN1hqFISHJRUNMyYxA8lJR+9xdS/D8=
</HostId>
</Error>