Submitted URL: https://www.eventbrite.com/e/?q=paypal-login
Effective URL: https://www.eventbrite.com/
Submission: On January 11 via automatic , source phishtank

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 15 HTTP transactions.
The main IP is 52.22.172.91, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.eventbrite.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on July 13th 2018. Valid for: 7 months.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 10/100) Show Details

  • urlscan - Score: 0
  • phishtank - Score: 10 (URL submitted from phishtank) -
    phishing

Domain & IP information

IP Address AS Autonomous System
1 2 52.22.172.91 14618 (AMAZON-AES)
5 151.101.2.110 54113 (FASTLY)
1 52.85.188.208 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 52.216.134.85 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 35.190.88.7 15169 (GOOGLE)
15 8
Domain
Subdomains
Transfer
5 evbstatic.com
2 MB
3 google-analytics.com
51 KB
2 bugsnag.com
371 B
2 eventbrite.com
31 KB
1 google.de
367 B
1 google.com
438 B
1 amazonaws.com
167 KB
1 d2wy8f7a9ursnm.cloudfront.net
10 KB
15 8
Domain Requested by
5 cdn.evbstatic.com www.eventbrite.com
2 sessions.bugsnag.com d2wy8f7a9ursnm.cloudfront.net
www.eventbrite.com
2 www.google-analytics.com www.eventbrite.com
www.google-analytics.com
2 www.eventbrite.com 1 redirects
1 ampcid.google.de www.google-analytics.com
1 ampcid.google.com www.google-analytics.com
1 s3.amazonaws.com www.eventbrite.com
1 ssl.google-analytics.com www.eventbrite.com
1 d2wy8f7a9ursnm.cloudfront.net www.eventbrite.com
15 9
Subject / Issuer Validity Valid
*.eventbrite.com
DigiCert SHA2 High Assurance Server CA
2018-07-13 -
2019-02-13
7 months
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2019-01-08 -
2019-04-14
3 months
*.cloudfront.net
DigiCert Global CA G2
2018-10-08 -
2019-10-09
a year
*.google-analytics.com
Google Internet Authority G3
2018-12-19 -
2019-03-13
3 months
s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2018-12-03 -
2019-10-25
a year
*.google.com
Google Internet Authority G3
2018-12-19 -
2019-03-13
3 months
*.bugsnag.com
COMODO RSA Domain Validation Secure Server CA
2018-05-18 -
2020-06-01
2 years

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i

Web
Overall confidence: 100%
Detected patterns
  • env /^BugSnag$/i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Web
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Web
Overall confidence: 100%
Detected patterns
  • env /^optimizely$/i

Web
Overall confidence: 100%
Detected patterns
  • env /^webpackJsonp$/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /

Redirect Chain
  • https://www.eventbrite.com/e/?q=paypal-login
  • https://www.eventbrite.com/
131 KB
29 KB
Document
General
Full URL
https://www.eventbrite.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.172.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-22-172-91.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5c1a26f50172372addebf1a5f325c97fff05a81457d0ec38d10125369f609d0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.eventbrite.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Cookie
mgrefby=; G=v%3D2%26i%3D334ab330-a7bd-497b-aad8-1a5796d3adf6%26a%3Dafc%26s%3Defdacbb4a5fe5d0f5b18391423f0238ad5ef8dd6; ebEventToTrack=; SS=AE3DLHS6fqrg_XPfa0oDmRC19McE8UwFqg; eblang=lo%3Den_US%26la%3Den-us; AN=; AS=65fe40a7-23ad-4dc8-8aa9-55a3eb4f5df8; mgref=typeins; SP=AGQgbbnPsLYsIGNkIeSXiodIwG3jXVVovx23BVbrvkDNAohQxMn3NjZsHt1sjlqeuoUkS3SiDP3h40KzjURjh9KcJCXBiH0NBhIRq43oTqxywMCsjJI2_Xr6i3XfJ0qDH8zOUe8fFswKtwGImG6bUZPOEmxh7rgbVJAPfEcFWbQTuMn26HoeFTRMSglBgGGOAR-UWY9tXK5f3jdBtt5kulTMTIRGhOyhyN1aX9mvI3_NAIDdZ-ryq44; csrftoken=2bd64dec15d711e9a3ef9f1357924e13
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server
nginx
Date
Fri, 11 Jan 2019 19:29:11 GMT
Content-Type
text/html
Content-Length
27613
Connection
keep-alive
x-xss-protection
1; mode=block
x-content-type-options
nosniff
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Vary
Cookie, Accept-Encoding
X-UA-Compatible
IE=edge
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Frame-Options
SAMEORIGIN
Set-Cookie
ebEventToTrack=; Domain=.eventbrite.com; expires=Sun, 10-Feb-2019 19:29:11 GMT; httponly; Path=/; secure SS=AE3DLHS6fqrg_XPfa0oDmRC19McE8UwFqg; Domain=.eventbrite.com; httponly; Path=/; secure SP=AGQgbbnS02IuklEZoXabNbpSDmaLkEeeVca6jxAyieQbtc8F9epyfoX7eCsr-UueJDV13z4JrgTtE4a3DSvluPsL6qpK4Gtf15DfD3BY2lrFrAVS2JgRok6MLLSdWG9KfGqUFocZ6Rf_OuhUKeJQOpAXOQ-j1a1nKzF_E7UpeGWp2FVmsvHXhu5UnvZUFePro-0HSSbRW5HJkWqC5A4yM6MM27wdASBFDAba4BwuDK5qOz0NpzrFT98; Domain=.eventbrite.com; httponly; Path=/; secure AN=; Domain=.eventbrite.com; expires=Sun, 10-Feb-2019 19:29:11 GMT; httponly; Path=/; secure AS=65fe40a7-23ad-4dc8-8aa9-55a3eb4f5df8; Domain=.eventbrite.com; httponly; Path=/; secure location=%7B%22place_id%22%3A%20%22101913837%22%2C%20%22place_type%22%3A%20%22locality%22%2C%20%22current_place_parent%22%3A%20%22Germany%22%2C%20%22longitude%22%3A%208.6299%2C%20%22current_place%22%3A%20%22Frankfurt%20am%20Main%22%2C%20%22latitude%22%3A%2050.1025%2C%20%22slug%22%3A%20%22germany--frankfurt-am-main%22%7D; Domain=.eventbrite.com; expires=Sun, 10-Feb-2019 19:29:11 GMT; httponly; Path=/; secure csrftoken=2bd64dec15d711e9a3ef9f1357924e13; Domain=.eventbrite.com; expires=Fri, 10-Jan-2020 19:29:11 GMT; Max-Age=31449600; Path=/; secure SERVERID=djc47; path=/; HttpOnly; Secure
Cache-control
private

Redirect headers

Server
nginx
Date
Fri, 11 Jan 2019 19:29:11 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
x-xss-protection
1; mode=block
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Location
https://www.eventbrite.com/
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-UA-Compatible
IE=edge
Set-Cookie
mgrefby=; Domain=.eventbrite.com; expires=Sat, 11-Jan-2020 19:29:11 GMT; httponly; Max-Age=31536000; Path=/; secure G=v%3D2%26i%3D334ab330-a7bd-497b-aad8-1a5796d3adf6%26a%3Dafc%26s%3Defdacbb4a5fe5d0f5b18391423f0238ad5ef8dd6; Domain=.eventbrite.com; expires=Sat, 11-Jan-2020 19:29:11 GMT; httponly; Path=/; secure ebEventToTrack=; Domain=.eventbrite.com; expires=Sun, 10-Feb-2019 19:29:11 GMT; httponly; Path=/; secure SS=AE3DLHS6fqrg_XPfa0oDmRC19McE8UwFqg; Domain=.eventbrite.com; httponly; Path=/; secure eblang=lo%3Den_US%26la%3Den-us; Domain=.eventbrite.com; expires=Sat, 11-Jan-2020 19:29:11 GMT; httponly; Path=/; secure AN=; Domain=.eventbrite.com; expires=Sun, 10-Feb-2019 19:29:11 GMT; httponly; Path=/; secure AS=65fe40a7-23ad-4dc8-8aa9-55a3eb4f5df8; Domain=.eventbrite.com; httponly; Path=/; secure mgref=typeins; Domain=.eventbrite.com; expires=Sat, 11-Jan-2020 19:29:11 GMT; httponly; Max-Age=31536000; Path=/; secure SP=AGQgbbnPsLYsIGNkIeSXiodIwG3jXVVovx23BVbrvkDNAohQxMn3NjZsHt1sjlqeuoUkS3SiDP3h40KzjURjh9KcJCXBiH0NBhIRq43oTqxywMCsjJI2_Xr6i3XfJ0qDH8zOUe8fFswKtwGImG6bUZPOEmxh7rgbVJAPfEcFWbQTuMn26HoeFTRMSglBgGGOAR-UWY9tXK5f3jdBtt5kulTMTIRGhOyhyN1aX9mvI3_NAIDdZ-ryq44; Domain=.eventbrite.com; httponly; Path=/; secure csrftoken=2bd64dec15d711e9a3ef9f1357924e13; Domain=.eventbrite.com; Max-Age=31449600; Path=/
X-Varnish
954566523
Age
0
Via
1.1 varnish (Varnish/5.1)
eds.css
cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/node_modules/eventbrite_design_system/css
418 KB
51 KB
Stylesheet
General
Full URL
https://cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/node_modules/eventbrite_design_system/css/eds.css
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fce389fccab28945bcd087f361ba90c5bc522bf0662e8670419260286cac89db

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:29:11 GMT
content-encoding
gzip
age
72055
via
1.1 varnish
x-cache
HIT
status
200
x-cache-hits
2328
content-length
51852
x-amz-id-2
vvtxhM+dyYsp4mwVSS3sOSlQrPhbPNF+RtYo4xFvDP7y0C12sPxp/KKwPVKuATEhb+tO+hOHWMk=
x-served-by
cache-hhn1542-HHN
last-modified
Thu, 10 Jan 2019 21:20:09 GMT
server
AmazonS3
x-timer
S1547234952.853102,VS0,VE0
etag
"29277d10324958b2fa409216f912ec39"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
251C09A80D1C7F62
access-control-allow-origin
*
cache-control
private, max-age=604800
accept-ranges
bytes
content-type
text/css
expires
Tue, 09 Jul 2019 21:19:41 GMT
newHomeExperiment.css
cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles
253 KB
13 KB
Stylesheet
General
Full URL
https://cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles/newHomeExperiment.css
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f7919b79bd161bd1a97488c267c8e1299cdcf37c71bd391c8f7abd379c643c68

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:29:11 GMT
content-encoding
gzip
age
70784
via
1.1 varnish
x-cache
HIT
status
200
x-cache-hits
7
content-length
12947
x-amz-id-2
F+L0j2R7EMYsBoCtuQn2DYCoPUzNrdLKbL+tA+uOHbrSwNsX4eBbqAxdYMfwYYSnc3hAhMPNfbA=
x-served-by
cache-hhn1542-HHN
last-modified
Thu, 10 Jan 2019 21:20:26 GMT
server
AmazonS3
x-timer
S1547234952.853464,VS0,VE0
etag
"4e7abf80861824ccb5d187c51d9b5b80"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
092149D515BC4E52
access-control-allow-origin
*
cache-control
private, max-age=604800
accept-ranges
bytes
content-type
text/css
expires
Tue, 09 Jul 2019 21:19:41 GMT
bugsnag.min.js
d2wy8f7a9ursnm.cloudfront.net/v4.1.0-1
33 KB
10 KB
Script
General
Full URL
https://d2wy8f7a9ursnm.cloudfront.net/v4.1.0-1/bugsnag.min.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.188.208 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-188-208.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e370d67b6bb20bbdd3291a72c7b0986a3ab67b4d98b8cf6d71742a8520d514d4

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Wed, 05 Dec 2018 15:47:19 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Dec 2017 20:35:26 GMT
Server
AmazonS3
Age
3210112
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 0316586b8fd7e325258707448d98d7cd.cloudfront.net (CloudFront)
Cache-Control
public, max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
fBKbqAf6aDurt1OFDAu8FD-0PMEk5DLbgwAWS4KW2C_pqdh1fbp_CA==
jsi18n_en-us.js
cdn.evbstatic.com/s3-build/perm_001/3709ea/django/js/src/jsi18n
4 KB
1 KB
Script
General
Full URL
https://cdn.evbstatic.com/s3-build/perm_001/3709ea/django/js/src/jsi18n/jsi18n_en-us.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6281396f6a760ebd1a4cb9ea9f99a2d233f42af035ddba01805e9c4d9b73a1cc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.eventbrite.com/
Origin
https://www.eventbrite.com

Response headers

date
Fri, 11 Jan 2019 19:29:11 GMT
content-encoding
gzip
age
2987161
via
1.1 varnish
x-cache
HIT
status
200
x-cache-hits
42916
content-length
1078
x-amz-id-2
hcY6PyUlRCx1R+sV+2bb47D+gPGpaFL5o2YXUxrkykpDl6AxyPz5ohdgNeEam1fso5Ap2V6CwVc=
x-served-by
cache-hhn1534-HHN
last-modified
Thu, 25 Aug 2016 22:49:16 GMT
server
AmazonS3
x-timer
S1547234952.856287,VS0,VE0
etag
"3709ea3623fb2ea119ce47ff4ae0c76c"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
57A1DCC121922598
access-control-allow-origin
*
cache-control
private, max-age=604800
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 21 Feb 2017 22:46:15 GMT
common.web.js
cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles
5 MB
1 MB
Script
General
Full URL
https://cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles/common.web.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13686fe45ab47514f94a52bf97767ace58f7a9b7238683ba7d5e77e71ef7b0d9

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:29:11 GMT
content-encoding
gzip
age
72055
via
1.1 varnish
x-cache
HIT
status
200
x-cache-hits
16
content-length
1239041
x-amz-id-2
qCXFjKvJdvNQwcmeBeI3ECs+cWUHrgVLTMW+28OcDZYKZuruJw3hDr70RU+dpBl/6ELBKGKyjUs=
x-served-by
cache-hhn1542-HHN
last-modified
Thu, 10 Jan 2019 21:20:08 GMT
server
AmazonS3
x-timer
S1547234952.859435,VS0,VE0
etag
"0551bb51db2ec963f9565e21ad7c2832"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
60456CCB714866B0
access-control-allow-origin
*
cache-control
private, max-age=604800
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 09 Jul 2019 21:19:41 GMT
newHomeExperiment.web.js
cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles
3 MB
833 KB
Script
General
Full URL
https://cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles/newHomeExperiment.web.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
26068f0cd7ca7773bba5e2ec988c74fc9bb8a8d4f7b15f161ba76217b4fd1d28

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:29:11 GMT
content-encoding
gzip
age
70894
via
1.1 varnish
x-cache
HIT
status
200
x-cache-hits
6
content-length
852564
x-amz-id-2
22sTKhcsg2aWnpJ1uCotYSA1sDAY3w2rxVCGThYxLNuqDOp/dpBfoPCXZ0uzZqW83krOvRVqpFc=
x-served-by
cache-hhn1542-HHN
last-modified
Thu, 10 Jan 2019 21:20:03 GMT
server
AmazonS3
x-timer
S1547234952.859630,VS0,VE0
etag
"38e9fdc1e6c50ef9978f265c51001805"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-request-id
71953970C836E5C4
access-control-allow-origin
*
cache-control
private, max-age=604800
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 09 Jul 2019 21:19:41 GMT
ga.js
ssl.google-analytics.com
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:824::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
5271
date
Fri, 11 Jan 2019 18:01:20 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17168
expires
Fri, 11 Jan 2019 20:01:20 GMT
Adblocked analytics.js
www.google-analytics.com
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
2405
date
Fri, 11 Jan 2019 18:49:06 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17404
expires
Fri, 11 Jan 2019 20:49:06 GMT
bg-desktop-rapoport.jpg
s3.amazonaws.com/eventbrite-s3/marketing/landingpages/home-redesign
167 KB
167 KB
Image
General
Full URL
https://s3.amazonaws.com/eventbrite-s3/marketing/landingpages/home-redesign/bg-desktop-rapoport.jpg
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.134.85 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01c54b43495d322534066b603dfad94d81cda62be697fb21bfb0cef8fd3d5458

Request headers

Referer
https://cdn.evbstatic.com/s3-build/33904-rc2019-01-09_16.04-fca81f3/js/bundles/newHomeExperiment.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 11 Jan 2019 19:29:13 GMT
Last-Modified
Wed, 12 Sep 2018 20:36:42 GMT
Server
AmazonS3
x-amz-request-id
35D895542ABCBAFF
ETag
"d8b53266724271c755910952380f27f3"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
170715
x-amz-id-2
qqF1U6ewucd5SmNg3Wj6ghWoYr+mhU10hG90pOZvRVwju6/h8Ku4Yp/ExyR3IdiCULXX31DwWbw=
publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
ampcid.google.com/v1
74 B
438 B
XHR
General
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.eventbrite.com/
Origin
https://www.eventbrite.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Jan 2019 19:29:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.eventbrite.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
94
x-xss-protection
1; mode=block
/
sessions.bugsnag.com
0
222 B
XHR
General
Full URL
https://sessions.bugsnag.com/
Requested by
Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v4.1.0-1/bugsnag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.88.7 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
7.88.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://www.eventbrite.com
Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type

Response headers

date
Fri, 11 Jan 2019 19:29:12 GMT
via
1.1 google
access-control-allow-origin
*
access-control-allow-methods
POST
status
200
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
alt-svc
clear
content-length
0
publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
ampcid.google.de/v1
3 B
367 B
XHR
General
Full URL
https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.eventbrite.com/
Origin
https://www.eventbrite.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Jan 2019 19:29:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.eventbrite.com
access-control-expose-headers
content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
1; mode=block
Adblocked js?id=GTM-TQNBR5M&cid=2138109304.1547234952
www.google-analytics.com/gtm
45 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-TQNBR5M&cid=2138109304.1547234952
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
c05c8d82425aae044e17ab3867ce6f46e414f0eed07226635ab1a9cb521cd67c
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.eventbrite.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 11 Jan 2019 19:29:12 GMT
content-encoding
gzip
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
17718
x-xss-protection
1; mode=block
expires
Fri, 11 Jan 2019 19:29:12 GMT
/
sessions.bugsnag.com
21 B
149 B
XHR
General
Full URL
https://sessions.bugsnag.com/
Requested by
Host: www.eventbrite.com
URL: https://www.eventbrite.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.88.7 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
7.88.190.35.bc.googleusercontent.com
Software
/
Resource Hash
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version
1.0
Origin
https://www.eventbrite.com
Referer
https://www.eventbrite.com/
Bugsnag-Sent-At
2019-01-11T19:29:12.181Z
Bugsnag-Api-Key
85191ee1208c343458906f7573d09a18
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 11 Jan 2019 19:29:12 GMT
via
1.1 google
status
202
content-type
application/json
access-control-allow-origin
*
bugsnag-session-uuid
9dda034c-6e07-4e1a-9603-ed9d53c37340
alt-svc
clear
content-length
21

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • https://www.eventbrite.com/e/?q=paypal-login
  • https://www.eventbrite.com/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| EBFONT_PROPERTIES object| EB object| _gaq string| GoogleAnalyticsObject function| ga object| optimizely object| _gat object| google_tag_data object| gaplugins function| bugsnag object| bugsnagClient object| django function| pluralidx function| gettext function| ngettext function| interpolate function| gettext_noop function| pgettext function| npgettext function| get_format object| EB_I18N object| __i18n__ object| __SERVER_DATA__ object| gaGlobal object| dataLayer object| google_tag_manager function| webpackJsonp object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| _ object| google_optimize

0 Cookies

2 Console Messages

Source Level URL
Text
console-api debug URL: https://d2wy8f7a9ursnm.cloudfront.net/v4.1.0-1/bugsnag.min.js, Line 1, Column18024
Message:
[bugsnag]
console-api warning URL: https://d2wy8f7a9ursnm.cloudfront.net/v4.1.0-1/bugsnag.min.js, Line 1, Column28921
Message:
[bugsnag]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block