urlscan.io logo urlscan.io
SecurityTrails logo

shop.smb.museum Open in urlscan Pro
148.251.122.18  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://shop.smb.museum/#/tickets/time?museum_id=14&group=timeSlot&date=2023-09-08
Effective URL: https://shop.smb.museum/
Submission: On September 07 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 45 HTTP transactions. The main IP is 148.251.122.18, located in Germany and belongs to HETZNER-AS, DE. The main domain is shop.smb.museum.
TLS certificate: Issued by R3 on August 1st 2023. Valid for: 3 months.
This is the only time shop.smb.museum was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
41 148.251.122.18 24940 (HETZNER-AS)
4 168.119.64.59 24940 (HETZNER-AS)
45 2
Apex Domain
Subdomains		 Transfer
26 gomus.de
smb.gomus.de
83 KB
15 smb.museum
shop.smb.museum
904 KB
4 giantmonkey.de
waitingroom.giantmonkey.de
1 KB
45 3
Domain Requested by
26 smb.gomus.de shop.smb.museum
15 shop.smb.museum shop.smb.museum
4 waitingroom.giantmonkey.de shop.smb.museum
45 3

This site contains links to these domains. Also see Links.

Domain
www.smb.museum
www.gomus.de
Subject Issuer Validity Valid
shop.smb.museum
R3		 2023-08-01 -
2023-10-30		 3 months crt.sh
*.gomus.de
AlphaSSL CA - SHA256 - G4		 2023-06-22 -
2024-07-23		 a year crt.sh
waitingroom.giantmonkey.de
R3		 2023-07-10 -
2023-10-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://shop.smb.museum/
Frame ID: AC1EBFF68ECD249DA90C7EC6FAA6B5F6
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SMB Online-Shop

Detected technologies

Overall confidence: 100%
Detected patterns
  • \bangular.{0,32}\.js

Page Statistics

45
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

988 kB
Transfer

3143 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
shop.smb.museum/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
124714e135be496daab2f93ae187b63633b3733a9b9391173b5cf8f42b1aa2e9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 07 Sep 2023 15:46:29 GMT
ETag
W/"63fc8161-6d0"
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
Strict-Transport-Security
max-age=15768000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
elements.js
shop.smb.museum/assets/javascript/ 		242 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/javascript/elements.js?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
99dbe4221e7671f38f48d5cce5b1fa750348b41e7c927c2a54adce752a20b2c2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://shop.smb.museum/
Origin
https://shop.smb.museum
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:29 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-1415a"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000, public
Content-Length
82266
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vendor-1e609e12.css
shop.smb.museum/styles/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/styles/vendor-1e609e12.css?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
98a374e6220fe0f82b9a9859a4e211dd06f21927aec47ac66b5020ed5a0166bd
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-28d"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=7200, public
Content-Length
653
Expires
Thu, 07 Sep 2023 17:46:30 GMT
webcomponents-aa1732b0.css
shop.smb.museum/styles/ 		30 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/styles/webcomponents-aa1732b0.css?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
a7d1e5261059a4966e684c1ef2aea00c56c758e27f0da6f08fd1324eaa1bace5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-120c"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=7200, public
Content-Length
4620
Expires
Thu, 07 Sep 2023 17:46:30 GMT
app-c3c9826d.css
shop.smb.museum/styles/ 		253 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
e2a41952b25dc333ee00f513268f217c6eda917291401468286aed0dad71b89e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-c3da"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=7200, public
Content-Length
50138
Expires
Thu, 07 Sep 2023 17:46:30 GMT
vendor-c2cba7cf.js
shop.smb.museum/scripts/ 		784 KB
245 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/scripts/vendor-c2cba7cf.js?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
10305d300820c823a87896c16acfe4fe2c2783d6eb9a1e0499dce67c42d5ddb4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-3d1e9"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=7200, public
Content-Length
250345
Expires
Thu, 07 Sep 2023 17:46:30 GMT
webcomponents-335da2f7.js
shop.smb.museum/scripts/ 		653 KB
167 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
d544477325b81c6dbac28c0da201880513238acca0f41e96e7ebfda41edc6363
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-29c0b"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=7200, public
Content-Length
171019
Expires
Thu, 07 Sep 2023 17:46:30 GMT
app-dd36db23.js
shop.smb.museum/scripts/ 		526 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/scripts/app-dd36db23.js?t=1693466903480
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
1f0cc5484301f1c30740c82a3fd68d315deb5042029548cfc8723bb04bc069af
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Thu, 31 Aug 2023 07:28:23 GMT
Server
nginx
ETag
"64f04117-19af5"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=7200, public
Content-Length
105205
Expires
Thu, 07 Sep 2023 17:46:30 GMT
shop
smb.gomus.de/api/v4/ 		82 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/shop?locale=en
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
0c2bc9c1f98ad5cf6b0a9fab2bb3602550705e1e4e96501acd66418396ecf337
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
0cd980e2-f73a-4164-ab9a-1ea7b8e6af24
X-Runtime
0.046547
Server
nginx
ETag
W/"fa2ce8d9bceb9349a55017fc7be10a3d"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=900, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
shop
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/shop?locale=en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:30 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
shop
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/shop?locale=de
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:30 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
enter
waitingroom.giantmonkey.de/smb/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://waitingroom.giantmonkey.de/smb/enter
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.119.64.59 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.59.64.119.168.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://shop.smb.museum
Allow
OPTIONS,POST
Connection
keep-alive
Content-Length
12
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Type
text/html;charset=utf-8
Date
Thu, 07 Sep 2023 15:46:30 GMT
Server
nginx
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN SAMEORIGIN
X-XSS-Protection
1; mode=block 1; mode=block
tickets
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets?by_bookable=true&locale=de&per_page=1000&valid_at=2023-09-07&with_current_or_future_validities=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:30 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
angular-locale_de.js
shop.smb.museum/assets/i18n/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/i18n/angular-locale_de.js
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/vendor-c2cba7cf.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
1ad7c2f5064935c9601c51659a987bdbf700932c16ca7fb0717a43e2679eda13
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-392"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000, public
Content-Length
914
Expires
Thu, 31 Dec 2037 23:55:55 GMT
shop
smb.gomus.de/api/v4/ 		85 KB
25 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/shop?locale=de
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
370abe8032a839c37a149907742fd1139f2dd26b54b9f4fe8cc925365507d2cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
439693b7-cd4f-4351-a8dc-e0ec4f217554
X-Runtime
0.035482
Server
nginx
ETag
W/"09e1632f87929ffac3a107f1c847048d"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=900, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
enter
waitingroom.giantmonkey.de/smb/ 		169 B
597 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://waitingroom.giantmonkey.de/smb/enter
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.119.64.59 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.59.64.119.168.clients.your-server.de
Software
nginx /
Resource Hash
7f122c27ae9470664ed7a915d2e6385cf1f41a6efbbada67233bc8d3597e0a24
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
application/json;charset=utf-8

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
169
X-XSS-Protection
1; mode=block
tickets
smb.gomus.de/api/v4/ 		109 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets?by_bookable=true&locale=de&per_page=1000&valid_at=2023-09-07&with_current_or_future_validities=true
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
aed72bb637a28f145345eee57adcadaa30d7c8c8f5d6e4c41aec3f6ca358a31b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
9dd9aa07-2ce4-446d-b922-6110c10a9edb
X-Runtime
1.492802
Server
nginx
ETag
W/"97acb09dee06d9b4b30de9a7daf22c34"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=10, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
check
waitingroom.giantmonkey.de/smb/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://waitingroom.giantmonkey.de/smb/check
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.119.64.59 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.59.64.119.168.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
authorization
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
https://shop.smb.museum
Allow
OPTIONS,GET,HEAD
Connection
keep-alive
Content-Length
16
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
Content-Type
text/html;charset=utf-8
Date
Thu, 07 Sep 2023 15:46:30 GMT
Server
nginx
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN SAMEORIGIN
X-XSS-Protection
1; mode=block 1; mode=block
check
waitingroom.giantmonkey.de/smb/ 		50 B
472 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://waitingroom.giantmonkey.de/smb/check
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.119.64.59 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.59.64.119.168.clients.your-server.de
Software
nginx /
Resource Hash
3c31ac99a59972f6a5b408d0f98a179b26e3a7399a68e6597f475de639a8db10
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnbS13YWl0aW5ncm9vbSIsInN1YiI6IjY0MGJjOTY4LTBmNDAtNGRhYy05MjM3LWFjODQ1MzQzMjc3MCJ9.oIIXY-XKJ7m3MjsylZDNxEEeT5VoC90UovLuvTSA6o4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Security-Policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
50
X-XSS-Protection
1; mode=block
museums
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/museums?locale=de&per_page=1000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
exhibitions
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/exhibitions?locale=de&per_page=1000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
tours
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours?by_bookable=true&by_featured=true&locale=de&per_page=1000
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
tours
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours?by_bookable=true&locale=de&per_page=1&with_bookings_in_future=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
categories
smb.gomus.de/api/v4/tours/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours/categories?locale=de
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
categories
smb.gomus.de/api/v4/events/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/events/categories?locale=de
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
museums
smb.gomus.de/api/v4/ 		22 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/museums?locale=de&per_page=1000
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
4fa602f2cbe1c9d31f3be34e50eb50f6679bf1232bc97afec19b460ad0851495
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
b1623713-bbe0-4c29-bc8f-773ab0d7c7d0
X-Runtime
0.075955
Server
nginx
ETag
W/"3374eeb26db21bdc42b0b091da1c298f"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=60, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
exhibitions
smb.gomus.de/api/v4/ 		72 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/exhibitions?locale=de&per_page=1000
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
84efe653d6dee3e2bd03ea3673d27c30cca5fcf83782f2b204d94de2fe343a66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
b59786ce-d26b-4ea4-895c-b7844396182e
X-Runtime
0.236172
Server
nginx
ETag
W/"d6c5886290d420d147cb23847103f057"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=60, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
tours
smb.gomus.de/api/v4/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours?by_bookable=true&by_featured=true&locale=de&per_page=1000
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
665b676876f66e72a8b3637095d330a3c1a091182dad81db6b77157bd568fff1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
fd2446cb-09e2-4640-8815-3fabd2a173a0
X-Runtime
0.126106
Server
nginx
ETag
W/"7f4572a0731bbd60cd4046947cd4e174"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=60, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
tours
smb.gomus.de/api/v4/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours?by_bookable=true&locale=de&per_page=1&with_bookings_in_future=1
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
fa684ff9ff964281910681ccd6a7ce296f34c466cf8a56120dab313f387f1c36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
75026f6d-07ff-4ad7-beea-894714a490ce
X-Runtime
1.006652
Server
nginx
ETag
W/"89b7e5e0e7cfdef80fc5701f9684f0e9"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=60, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
categories
smb.gomus.de/api/v4/tours/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tours/categories?locale=de
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
d064fb5bcd56f77338c039bdc772758bb249d6bc9c0926e669135d6596029a75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
HIT
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
c5dfe437-4093-4b5e-b690-78a3ecd05e39
X-Runtime
0.446618
Server
nginx
ETag
W/"8ddd60e1981c3049f5008b397ae19743"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=60, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
categories
smb.gomus.de/api/v4/events/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/events/categories?locale=de
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
8c93b97b842f087165ce1cf5507043b9a65502aa60239197ed6d6aa4b0fe7e04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
MISS
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
4f86ff04-0469-46ea-b0c4-a7b52d4bc7c1
X-Runtime
0.524906
Server
nginx
ETag
W/"cfdb3bca79872171e51df5ae25edbf8c"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=0, private, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
calendar
smb.gomus.de/api/v4/tickets/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/calendar?by_bookable=true&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&start_at=2023-09-07
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
calendar
smb.gomus.de/api/v4/tickets/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/calendar?by_bookable=true&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&start_at=2023-10-01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
tickets
smb.gomus.de/api/v4/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets?by_bookable=true&by_free_timing=false&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&locale=de&per_page=1000&valid_at=2023-09-08
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:31 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
calendar
smb.gomus.de/api/v4/tickets/ 		442 B
877 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/calendar?by_bookable=true&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&start_at=2023-09-07
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
8902fdb122122afab7089a6a65edb53fb535fc7bcbc079f6b5d620ef4d4cebf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:33 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
EXPIRED
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
d7a785b4-ec49-4070-8730-e07dfa7b9373
X-Runtime
1.174988
Server
nginx
ETag
W/"919c08fe6a43045078a21f430a82a10b"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=10, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
calendar
smb.gomus.de/api/v4/tickets/ 		595 B
905 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/calendar?by_bookable=true&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&start_at=2023-10-01
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
06101c0d5e6cb8dab9028a81538ae18608010ae222b5d12c8761809471dae534
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
EXPIRED
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
acae1485-ec3a-41e4-a2b1-b026932e4d0a
X-Runtime
0.483742
Server
nginx
ETag
W/"790eae53ac06d2c392d6978de256ed55"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=10, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
tickets
smb.gomus.de/api/v4/ 		7 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets?by_bookable=true&by_free_timing=false&by_museum_ids%5B%5D=14&by_ticket_types%5B%5D=normal&by_ticket_types%5B%5D=time_slot&locale=de&per_page=1000&valid_at=2023-09-08
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
95ab5d7c881b9d29a124c5095388b57b03fbe0ecf1c21445619462a9dcea6c98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
EXPIRED
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
d2b70490-5c43-4283-b762-b50d5c1bb2c4
X-Runtime
0.146853
Server
nginx
ETag
W/"2e2a974e1f6f89bfb6d3e39f48c4dd8e"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=10, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600
e2a0d1af-75d8-4cfc-b119-3a1e660a802a.woff2
shop.smb.museum/assets/fonts/ 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/fonts/e2a0d1af-75d8-4cfc-b119-3a1e660a802a.woff2
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
94dfc823c96616dd56300d1dd850966e3527c4905716ff2e408eb5e9ea418514
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Origin
https://shop.smb.museum
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-88fd"
Vary
Accept-Encoding
Content-Type
font/woff2
Cache-Control
max-age=315360000, public
Content-Length
35069
Expires
Thu, 31 Dec 2037 23:55:55 GMT
931cf764-bce8-4859-8186-bafda72141c7.woff2
shop.smb.museum/assets/fonts/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/fonts/931cf764-bce8-4859-8186-bafda72141c7.woff2
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
a029e88d30e477c50172b18bf80d566aa26e207ec91e862078b0bfe60f9b0eb6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Origin
https://shop.smb.museum
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-8af3"
Vary
Accept-Encoding
Content-Type
font/woff2
Cache-Control
max-age=315360000, public
Content-Length
35571
Expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-regular-400.woff2
shop.smb.museum/assets/fonts/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/fonts/fa-regular-400.woff2
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
fe69d94841462d397faeff253ee09a6dc7941be931f942a55e6b9def8f3b048d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Origin
https://shop.smb.museum
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-6234"
Vary
Accept-Encoding
Content-Type
font/woff2
Cache-Control
max-age=315360000, public
Content-Length
25140
Expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-solid-900.woff2
shop.smb.museum/assets/fonts/ 		147 KB
147 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://shop.smb.museum/assets/fonts/fa-solid-900.woff2
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Referer
https://shop.smb.museum/styles/app-c3c9826d.css?t=1693466903480
Origin
https://shop.smb.museum
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-24c06"
Vary
Accept-Encoding
Content-Type
font/woff2
Cache-Control
max-age=315360000, public
Content-Length
150534
Expires
Thu, 31 Dec 2037 23:55:55 GMT
logo.svg
shop.smb.museum/assets/images/ 		16 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shop.smb.museum/assets/images/logo.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
cf6468f26e4b33afe962e668f5bf2d04ca47372e82f785973ff6be371a943984
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-16fe"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=315360000, public
Content-Length
5886
Expires
Thu, 31 Dec 2037 23:55:55 GMT
logo_xs.svg
shop.smb.museum/assets/images/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shop.smb.museum/assets/images/logo_xs.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
a6b0dac93ec937ecf5606aeadba99bf971a78ae2a4716d6bf681fa387378a537
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.smb.museum/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=15768000; includeSubDomains
Last-Modified
Mon, 27 Feb 2023 10:09:37 GMT
Server
nginx
ETag
"63fc8161-5ea"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=315360000, public
Content-Length
1514
Expires
Thu, 31 Dec 2037 23:55:55 GMT
capacities
smb.gomus.de/api/v4/tickets/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/capacities?date=2023-09-08&ticket_ids%5B%5D=915&ticket_ids%5B%5D=916&ticket_ids%5B%5D=917&ticket_ids%5B%5D=919&ticket_ids%5B%5D=920&ticket_ids%5B%5D=922&ticket_ids%5B%5D=923&ticket_ids%5B%5D=924&ticket_ids%5B%5D=1011
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-shop-url
Access-Control-Request-Method
GET
Origin
https://shop.smb.museum
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-shop-url
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Access-Control-Max-Age
600
Content-Encoding
gzip
Content-Type
text/plain
Date
Thu, 07 Sep 2023 15:46:32 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
capacities
smb.gomus.de/api/v4/tickets/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://smb.gomus.de/api/v4/tickets/capacities?date=2023-09-08&ticket_ids%5B%5D=915&ticket_ids%5B%5D=916&ticket_ids%5B%5D=917&ticket_ids%5B%5D=919&ticket_ids%5B%5D=920&ticket_ids%5B%5D=922&ticket_ids%5B%5D=923&ticket_ids%5B%5D=924&ticket_ids%5B%5D=1011
Requested by
Host: shop.smb.museum
URL: https://shop.smb.museum/scripts/webcomponents-335da2f7.js?t=1693466903480
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.251.122.18 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.18.122.251.148.clients.your-server.de
Software
nginx /
Resource Hash
4bd758ccffd3fe1dcf332506900074ae10cd07194f403c1a540c7f40be7ff9ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-Shop-Url
shop.smb.museum
Accept
application/json, text/plain, */*
Referer
https://shop.smb.museum/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date
Thu, 07 Sep 2023 15:46:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Cache-Status
EXPIRED
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
X-Request-Id
f84db4b9-1db7-4b56-946d-438cc4c80ffe
X-Runtime
0.182245
Server
nginx
ETag
W/"9fbc1ed30a5d57ddc42f8f18e3cc4cb5"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding, X-Shop-Url, Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://shop.smb.museum
Access-Control-Allow-Methods
GET, POST, DELETE, PATCH, PUT, HEAD
Access-Control-Expose-Headers
access-token, expiry, token-type, uid, client
Cache-Control
max-age=10, public
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
600

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| ngFileUpload function| $ function| jQuery object| angular function| _ function| isOldIE function| isIE function| isEmpty function| moment object| angulartics function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched function| $localize object| defaultSettings object| webpackChunkelements object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__storagefalse object| __zone_symbol__beforeunloadfalse object| __zone_symbol__messagefalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

2 Cookies

Domain/Path Name / Value
shop.smb.museum/ Name: waiting_room_token
Value: eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnbS13YWl0aW5ncm9vbSIsInN1YiI6IjY0MGJjOTY4LTBmNDAtNGRhYy05MjM3LWFjODQ1MzQzMjc3MCJ9.oIIXY-XKJ7m3MjsylZDNxEEeT5VoC90UovLuvTSA6o4
shop.smb.museum/ Name: auth_headers
Value: %7B%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

shop.smb.museum
smb.gomus.de
waitingroom.giantmonkey.de
148.251.122.18
168.119.64.59
06101c0d5e6cb8dab9028a81538ae18608010ae222b5d12c8761809471dae534
0c2bc9c1f98ad5cf6b0a9fab2bb3602550705e1e4e96501acd66418396ecf337
10305d300820c823a87896c16acfe4fe2c2783d6eb9a1e0499dce67c42d5ddb4
124714e135be496daab2f93ae187b63633b3733a9b9391173b5cf8f42b1aa2e9
1ad7c2f5064935c9601c51659a987bdbf700932c16ca7fb0717a43e2679eda13
1f0cc5484301f1c30740c82a3fd68d315deb5042029548cfc8723bb04bc069af
370abe8032a839c37a149907742fd1139f2dd26b54b9f4fe8cc925365507d2cc
3c31ac99a59972f6a5b408d0f98a179b26e3a7399a68e6597f475de639a8db10
4bd758ccffd3fe1dcf332506900074ae10cd07194f403c1a540c7f40be7ff9ae
4fa602f2cbe1c9d31f3be34e50eb50f6679bf1232bc97afec19b460ad0851495
665b676876f66e72a8b3637095d330a3c1a091182dad81db6b77157bd568fff1
7f122c27ae9470664ed7a915d2e6385cf1f41a6efbbada67233bc8d3597e0a24
84efe653d6dee3e2bd03ea3673d27c30cca5fcf83782f2b204d94de2fe343a66
8902fdb122122afab7089a6a65edb53fb535fc7bcbc079f6b5d620ef4d4cebf9
8c93b97b842f087165ce1cf5507043b9a65502aa60239197ed6d6aa4b0fe7e04
94dfc823c96616dd56300d1dd850966e3527c4905716ff2e408eb5e9ea418514
95ab5d7c881b9d29a124c5095388b57b03fbe0ecf1c21445619462a9dcea6c98
98a374e6220fe0f82b9a9859a4e211dd06f21927aec47ac66b5020ed5a0166bd
99dbe4221e7671f38f48d5cce5b1fa750348b41e7c927c2a54adce752a20b2c2
a029e88d30e477c50172b18bf80d566aa26e207ec91e862078b0bfe60f9b0eb6
a6b0dac93ec937ecf5606aeadba99bf971a78ae2a4716d6bf681fa387378a537
a7d1e5261059a4966e684c1ef2aea00c56c758e27f0da6f08fd1324eaa1bace5
aed72bb637a28f145345eee57adcadaa30d7c8c8f5d6e4c41aec3f6ca358a31b
cf6468f26e4b33afe962e668f5bf2d04ca47372e82f785973ff6be371a943984
d064fb5bcd56f77338c039bdc772758bb249d6bc9c0926e669135d6596029a75
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6
d544477325b81c6dbac28c0da201880513238acca0f41e96e7ebfda41edc6363
e2a41952b25dc333ee00f513268f217c6eda917291401468286aed0dad71b89e
fa684ff9ff964281910681ccd6a7ce296f34c466cf8a56120dab313f387f1c36
fe69d94841462d397faeff253ee09a6dc7941be931f942a55e6b9def8f3b048d