app.hrlab.de Open in urlscan Pro
157.97.106.238 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://oncheck24.ch/
Effective URL:
https://app.hrlab.de/new
Submission: On June 11 via api (June 11th 2024, 5:24:29 am UTC) from CH — Scanned from CH

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 24 HTTP transactions. The main IP is 157.97.106.238, located in Berlin, Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is app.hrlab.de. The Cisco Umbrella rank of the primary domain is 619763.
TLS certificate: Issued by GeoTrust EV RSA CA G2 on June 28th 2023. Valid for: a year.

This is the only time app.hrlab.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	89.28.242.139 89.28.242.139	206240 (PDV-SACHSEN) (PDV-SACHSEN)
2 26	157.97.106.238 157.97.106.238	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
24	1

1 89.28.242.139 (Germany) 1 redirects

ASN206240 (PDV-SACHSEN, DE)
PTR: pdv-sachsen.net

oncheck24.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 157.97.106.238 (Berlin, Germany) 2 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: app.hrlab.de

app.hrlab.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	hrlab.de 2 redirects app.hrlab.de — Cisco Umbrella Rank: 619763	3 MB
1	oncheck24.ch 1 redirects oncheck24.ch	243 B
24	2

	Domain	Requested by
26	app.hrlab.de	2 redirects app.hrlab.de
1	oncheck24.ch	1 redirects
24	2

This site contains no links.

Subject Issuer	Validity	Valid
app.hrlab.de GeoTrust EV RSA CA G2	`2023-06-28` - `2024-07-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://app.hrlab.de/new
Frame ID: BBE885284CFB6DC0D131B2943D738413
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HRlab

Page URL History Show full URLs

https://oncheck24.ch/ HTTP 302
https://app.hrlab.de/de/auth/login HTTP 301
https://app.hrlab.de/new Page URL

Page Statistics

24
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

3310 kB
Transfer

3702 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://oncheck24.ch/ HTTP 302
https://app.hrlab.de/de/auth/login HTTP 301
https://app.hrlab.de/new Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://app.hrlab.de/initialize_application HTTP 302
https://app.hrlab.de/old/de/auth/login/

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request new Show response
app.hrlab.de/
Redirect Chain

https://oncheck24.ch/
https://app.hrlab.de/de/auth/login
https://app.hrlab.de/new

3 KB
2 KB

33ms
33ms

Document
text/html

157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

0fe3f51ce72fb9a08c7f09b0f634e2638f9ef37a449911c60c348e57f0ca4e22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
referer: https://www.google.com/
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://space.davero.de
content-type: text/html
date: Tue, 11 Jun 2024 05:24:24 GMT
host: app.hrlab.de
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-start: t=1718083464.143
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-security-policy: frame-ancestors 'self' https://space.davero.de
content-type: text/html
date: Tue, 11 Jun 2024 05:24:24 GMT
host: app.hrlab.de
location: https://app.hrlab.de/new
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-start: t=1718083464.108
x-xss-protection: 1; mode=block

GET
H2 200 fonts.css
app.hrlab.de/new/ 2 KB
753 B 32ms
32ms Stylesheet
text/css 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/fonts.css

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

1f6d23180a3d5df1e98bb241870c9497f539c9ad04d998cf4e0d247afacdde57

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: W/"6667437d-665"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/css
x-request-start: t=1718083464.180

GET
H2 200 index-f071b086.js Show response
app.hrlab.de/new/assets/ 990 KB
991 KB 101ms
101ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/index-f071b086.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

34886e87c024dd1ba9e24a887ada1603ba57e56f76fd9a8c38ba1aa2b2dc41a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 1013616
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-f7770"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083464.192
accept-ranges: bytes

GET
H2 200 index-25e7c770.css
app.hrlab.de/new/assets/ 234 KB
28 KB 72ms
72ms Stylesheet
text/css 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/index-25e7c770.css

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

25e7c770650c8fae4a8d82f43a95d9c2a09899a1f474ee1c83f4ba2eeb059555

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: W/"6667437d-3a6e7"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/css
x-request-start: t=1718083464.180

GET
H2 200 SplashScreen-676e7650.js Show response
app.hrlab.de/new/assets/ 316 KB
317 KB 35ms
34ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/SplashScreen-676e7650.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

d05f9d6cc7b70c0a441067dc44f38df677f0b532c0c675d527525dc698f65580

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 323960
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-4f178"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083464.600
accept-ranges: bytes

GET
H2 200 Text-a0c6aac2.js Show response
app.hrlab.de/new/assets/ 4 KB
5 KB 50ms
50ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/Text-a0c6aac2.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

c7d1e4f9e8b6349574e42c2109a771eb2dfbda399fb838e688cee1420846250e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 4463
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-116f"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083464.600
accept-ranges: bytes

GET
H2 200 favicon.ico
app.hrlab.de/ 1 KB
1021 B 51ms
51ms Other
image/x-icon 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

73ee262a91747ece8e2fcc10946927ff5d7435be2701159312328ec8d83c2357

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:15:28 GMT
server: nginx
host: app.hrlab.de
etag: W/"666742c0-47e"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: image/x-icon
x-request-start: t=1718083464.600

GET
H2 200 hrlab-render-vert.json Show response
app.hrlab.de/new/lottie/ 32 KB
5 KB 37ms
37ms Fetch
application/json 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/lottie/hrlab-render-vert.json

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/SplashScreen-676e7650.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

102ce052cbcc214c48c20a28e4de74291c850e4546d7102fdd4878c8d9b0c87f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: W/"6667437d-7ed5"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/json
x-request-start: t=1718083464.701

GET
H2

200

/ Show response
app.hrlab.de/old/de/auth/login/
Redirect Chain

https://app.hrlab.de/initialize_application
https://app.hrlab.de/old/de/auth/login/

7 KB
4 KB

47ms
47ms

XHR
text/html

157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/old/de/auth/login/

Protocol

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

c8943f665b20a215fdf7bceb0f57994e2010b36e6c91f8afe6bdab156e4e43a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

x-csrf-param: authenticity_token
date: Tue, 11 Jun 2024 05:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-csrf-token: Q44nZPW6eA_03ASRm3ERg-44nMkG6Nv32mXAgYFOZWJ57zTlUgu4J8VOgFNFqR_Qi7nlT3yW3R1ACWX0pfbS7w
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-request-id: 7fc6d6d8-fab6-4901-ac25-22bddc311b79
x-runtime: 0.006064
referrer-policy: strict-origin-when-cross-origin
server: nginx
host: app.hrlab.de
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/html; charset=utf-8
access-control-expose-headers: X-CSRF-Token, X-CSRF-Param
cache-control: no-cache
x-request-start: t=1718083464.834
link: </assets/auth-05cfd7a4f6694cf71bb59c7b89c14f0cd654a1565727b74f787682e5cbd5b890.css>; rel=preload; as=style; nopush,</assets/hide-scrollbar-on-chrome-4246d82dcc77ecd1a02a353c863bd1ca122fc9ef0da1df96b2b91f61115a9cff.css>; rel=preload; as=style; nopush,</packs/js/login-6d38bf832e9b2fe86e26.js>; rel=preload; as=script; nopush

Redirect headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 0
x-xss-protection: 1; mode=block
x-request-id: 8a91a153-a411-47dd-b045-dfdc1027c53b
x-runtime: 0.005735
referrer-policy: strict-origin-when-cross-origin
server: nginx
host: app.hrlab.de
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/html; charset=utf-8
location: https://app.hrlab.de/old/de/auth/login/
cache-control: no-cache
x-request-start: t=1718083464.720

GET
H2 200 Roboto-Regular.ttf
app.hrlab.de/new/fonts/roboto/ 164 KB
165 KB 37ms
37ms Font
application/octet-stream 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/fonts/roboto/Roboto-Regular.ttf

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/fonts.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 168260
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-29144"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/octet-stream
x-request-start: t=1718083464.823
accept-ranges: bytes

GET
H2 200 auth-05cfd7a4f6694cf71bb59c7b89c14f0cd654a1565727b74f787682e5cbd5b890.css
app.hrlab.de/assets/ 198 KB
37 KB 36ms
35ms Stylesheet
text/css 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/assets/auth-05cfd7a4f6694cf71bb59c7b89c14f0cd654a1565727b74f787682e5cbd5b890.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

ab3ce62646651d4c61489ba7e0dfa25e69ed564793cdca71fd2838feaed11bde

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 36992
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:14:47 GMT
server: nginx
host: app.hrlab.de
etag: "66674297-9080"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/css
x-request-start: t=1718083464.867
cache-control: max-age=315360000, public
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 hide-scrollbar-on-chrome-4246d82dcc77ecd1a02a353c863bd1ca122fc9ef0da1df96b2b91f61115a9cff.css
app.hrlab.de/assets/ 101 B
626 B 37ms
36ms Stylesheet
text/css 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/assets/hide-scrollbar-on-chrome-4246d82dcc77ecd1a02a353c863bd1ca122fc9ef0da1df96b2b91f61115a9cff.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

18d6ede800a2caea3106fd37f0b616170cea4cb6a22b416781f8befe4b221537

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 84
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:14:47 GMT
server: nginx
host: app.hrlab.de
etag: "66674297-54"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: text/css
x-request-start: t=1718083464.867
cache-control: max-age=315360000, public
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 login-6d38bf832e9b2fe86e26.js Show response
app.hrlab.de/packs/js/ 929 KB
930 KB 40ms
39ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/packs/js/login-6d38bf832e9b2fe86e26.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

e9ef93734e43870c42fa0cf92634c4f96ff771724e8ffba47bec120564843528

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 950956
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 05 Jun 2024 07:45:55 GMT
server: nginx
host: app.hrlab.de
etag: "666017b3-e82ac"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083464.867
accept-ranges: bytes

GET
H2 200 App-da875516.js Show response
app.hrlab.de/new/assets/ 20 KB
21 KB 107ms
93ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/App-da875516.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

e8902180f0eb10361757e9afdcd62a59d1d5396d947794223dc9a28ee6458770

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 20687
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-50cf"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 withErrorBoundary-56a34f84.js Show response
app.hrlab.de/new/assets/ 463 KB
464 KB 114ms
108ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/withErrorBoundary-56a34f84.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

a751d650aa7517e1319556d197d1612e3268127f389fc11cf90efcde41890619

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 474568
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-73dc8"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 Activate-ff11329d.js Show response
app.hrlab.de/new/assets/ 7 KB
7 KB 307ms
301ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/Activate-ff11329d.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

485619f936e7f14732595b6254ea6425c86924b32a7157594606d17d44e4f5f9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 6888
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-1ae8"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 index-bc19465a.js Show response
app.hrlab.de/new/assets/ 34 KB
34 KB 316ms
311ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/index-bc19465a.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

103f4fdee440769e9f5646ab4f4715daf3f0e24094b21ef46c160a5f779d76a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 34605
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-872d"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 Password-37b766a4.js Show response
app.hrlab.de/new/assets/ 837 B
1 KB 326ms
321ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/Password-37b766a4.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

70d4be2f11a55f363a7d368185843de1f27e06a8ef08d27dcd99a61d9ad9f922

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 837
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-345"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 NumberInput-7d2c08ec.js Show response
app.hrlab.de/new/assets/ 1 KB
2 KB 333ms
329ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/NumberInput-7d2c08ec.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

c462d70e347ad89f53e7fa8085c878e7d90d49b464acbf8f93100d6c327b58a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 1379
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-563"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.730
accept-ranges: bytes

GET
H2 200 Card-e7432813.js Show response
app.hrlab.de/new/assets/ 2 KB
2 KB 344ms
339ms Script
application/javascript 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/new/assets/Card-e7432813.js

Requested by

Host: app.hrlab.de
URL: https://app.hrlab.de/new/assets/index-f071b086.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

a39a8fe60bfb190d7c79454eb7b25683b0b1bc087be511ad0c8c15ee5a86f5b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Origin: https://app.hrlab.de
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:27 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 1962
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-7aa"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: application/javascript
x-request-start: t=1718083467.751
accept-ranges: bytes

GET
H2 200 favicon.ico
app.hrlab.de/ 1 KB
0 1ms
1ms Other
image/x-icon 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

73ee262a91747ece8e2fcc10946927ff5d7435be2701159312328ec8d83c2357

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:15:28 GMT
server: nginx
host: app.hrlab.de
etag: W/"666742c0-47e"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: image/x-icon
x-request-start: t=1718083464.600

GET
H2 200 HRlab_Logo_Original_Breite400px.png
app.hrlab.de/new/ 5 KB
6 KB 41ms
41ms Image
image/png 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.hrlab.de/new/HRlab_Logo_Original_Breite400px.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

0f1e436fbdb811bd7543e7343702b07d19cfe83c958c90698bd2f13da237e9d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:28 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 5507
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-1583"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: image/png
x-request-start: t=1718083468.185
accept-ranges: bytes

GET
H2 200 bg-login.png
app.hrlab.de/new/ 285 KB
286 KB 148ms
143ms Image
image/png 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.hrlab.de/new/bg-login.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

9cd251d057ac45842fb83d9c6a3362062e1632fc3b7b9313b769a35af26df7db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:28 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies: none
content-length: 292149
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:18:37 GMT
server: nginx
host: app.hrlab.de
etag: "6667437d-47535"
x-download-options: noopen
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: image/png
x-request-start: t=1718083468.392
accept-ranges: bytes

GET
H2 200 favicon.ico
app.hrlab.de/ 1 KB
0 1ms
1ms Other
image/x-icon 157.97.106.238
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hrlab.de/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

157.97.106.238 Berlin, Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),

Reverse DNS

app.hrlab.de

Software

nginx /

Resource Hash

73ee262a91747ece8e2fcc10946927ff5d7435be2701159312328ec8d83c2357

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.google.com/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 05:24:24 GMT
content-security-policy: frame-ancestors 'self' https://space.davero.de
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jun 2024 18:15:28 GMT
server: nginx
host: app.hrlab.de
etag: W/"666742c0-47e"
x-download-options: noopen
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, PATCH
content-type: image/x-icon
x-request-start: t=1718083464.600

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| lottie

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app.hrlab.de/	1969-12-31 23:59:59	Name: _tridion-2_session Value: M7w3fAl%2FSRbOQ92ssHHTo8Cxh5dW6swFi%2Bx0Xe85sk9%2FtrS9L0ce%2BSaYrvPivSDUOuje3CpoSlPjnlwsVCsNDpTAR78f6OfCkW34oKL6C6wa3sooutY%2FrwM4YfvGkBNN7fE1g4Sd0qimcWis6BKq9tjxZMqqGy5MH29%2BQDr2iHnWhoFCFSAktHL2q8A%2Bjs%2FhkkrELyN9jIEI6ozHIA8Y%2BvyM%2ByltYT%2FKS72tX2pEKI5CvMFOcPTKU20kidInpXZmBbp7C3yzSo23Q0D0Z6GbGavFrqNNQg%2Ft%2BoTKckoTywfmfMGrvjGU343pC%2BgjRNpMPuu6jP%2BjRe1y%2BvXqYxOymeVNVPYioyF1LirmHAlz2M8l%2FQ%3D%3D--t9dULWeaUI68zZvI--8%2FJjUMlZfWuBXHefH%2FfXFw%3D%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://app.hrlab.de/new/auth/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "username"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://space.davero.de
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hrlab.de
oncheck24.ch
157.97.106.238
89.28.242.139
0f1e436fbdb811bd7543e7343702b07d19cfe83c958c90698bd2f13da237e9d8
0fe3f51ce72fb9a08c7f09b0f634e2638f9ef37a449911c60c348e57f0ca4e22
102ce052cbcc214c48c20a28e4de74291c850e4546d7102fdd4878c8d9b0c87f
103f4fdee440769e9f5646ab4f4715daf3f0e24094b21ef46c160a5f779d76a9
18d6ede800a2caea3106fd37f0b616170cea4cb6a22b416781f8befe4b221537
1f6d23180a3d5df1e98bb241870c9497f539c9ad04d998cf4e0d247afacdde57
25e7c770650c8fae4a8d82f43a95d9c2a09899a1f474ee1c83f4ba2eeb059555
34886e87c024dd1ba9e24a887ada1603ba57e56f76fd9a8c38ba1aa2b2dc41a7
485619f936e7f14732595b6254ea6425c86924b32a7157594606d17d44e4f5f9
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14
70d4be2f11a55f363a7d368185843de1f27e06a8ef08d27dcd99a61d9ad9f922
73ee262a91747ece8e2fcc10946927ff5d7435be2701159312328ec8d83c2357
9cd251d057ac45842fb83d9c6a3362062e1632fc3b7b9313b769a35af26df7db
a39a8fe60bfb190d7c79454eb7b25683b0b1bc087be511ad0c8c15ee5a86f5b2
a751d650aa7517e1319556d197d1612e3268127f389fc11cf90efcde41890619
ab3ce62646651d4c61489ba7e0dfa25e69ed564793cdca71fd2838feaed11bde
c462d70e347ad89f53e7fa8085c878e7d90d49b464acbf8f93100d6c327b58a9
c7d1e4f9e8b6349574e42c2109a771eb2dfbda399fb838e688cee1420846250e
c8943f665b20a215fdf7bceb0f57994e2010b36e6c91f8afe6bdab156e4e43a8
d05f9d6cc7b70c0a441067dc44f38df677f0b532c0c675d527525dc698f65580
e8902180f0eb10361757e9afdcd62a59d1d5396d947794223dc9a28ee6458770
e9ef93734e43870c42fa0cf92634c4f96ff771724e8ffba47bec120564843528

app.hrlab.de Open in urlscan Pro 157.97.106.238 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

24 Requests

96 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

3310 kBTransfer

3702 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

app.hrlab.de Open in urlscan Pro
157.97.106.238 Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

3310 kB
Transfer

3702 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions