urlscan.io logo urlscan.io
SecurityTrails logo

nitrobox.jobs.personio.de Open in urlscan Pro
2600:9000:20eb:1c00:6:9821:c840:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://jobs.nitrobox.com/
Effective URL: https://nitrobox.jobs.personio.de/
Submission Tags: phishingrod
Submission: On June 20 via api from DE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 2600:9000:20eb:1c00:6:9821:c840:93a1, located in United States and belongs to AMAZON-02, US. The main domain is nitrobox.jobs.personio.de.
TLS certificate: Issued by Amazon RSA 2048 M02 on April 6th 2023. Valid for: a year.
This is the only time nitrobox.jobs.personio.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 20.71.8.37 8075 (MICROSOFT...)
2 2600:9000:20e... 16509 (AMAZON-02)
14 2600:9000:205... 16509 (AMAZON-02)
16 3
Apex Domain
Subdomains		 Transfer
16 personio.de
nitrobox.jobs.personio.de
assets.cdn.personio.de — Cisco Umbrella Rank: 242247
we-are-hiring.cdn.personio.de — Cisco Umbrella Rank: 400607
592 KB
1 nitrobox.com
jobs.nitrobox.com
125 B
16 2
Domain Requested by
11 assets.cdn.personio.de nitrobox.jobs.personio.de
assets.cdn.personio.de
3 we-are-hiring.cdn.personio.de assets.cdn.personio.de
2 nitrobox.jobs.personio.de assets.cdn.personio.de
1 jobs.nitrobox.com 1 redirects
16 4

This site contains links to these domains. Also see Links.

Domain
www.personio.com
www.nitrobox.de
Subject Issuer Validity Valid
jobs.personio.de
Amazon RSA 2048 M02		 2023-04-06 -
2024-05-04		 a year crt.sh
we-are-hiring.cdn.personio.de
Amazon RSA 2048 M02		 2023-02-28 -
2024-03-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nitrobox.jobs.personio.de/
Frame ID: 2C9296114DB881396EDB81BF3F3FF9C4
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Jobs at Nitrobox GmbH - Subscription Management and Order-to-Cash Platform

Page URL History Show full URLs

  1. https://jobs.nitrobox.com/ HTTP 301
    https://nitrobox.jobs.personio.de/ Page URL

Page Statistics

16
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

4
Subdomains

3
IPs

2
Countries

592 kB
Transfer

1191 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jobs.nitrobox.com/ HTTP 301
    https://nitrobox.jobs.personio.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nitrobox.jobs.personio.de/
Redirect Chain
  • https://jobs.nitrobox.com/
  • https://nitrobox.jobs.personio.de/
42 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:1c00:6:9821:c840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5f2e9419d835b9fca80eb64dbd86437b9ddafab9b89bc68c792bbd1d52806ed4
Security Headers
Name Value
Content-Security-Policy report-uri https://nitrobox.personio.de/csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.personio.de https://*.personio-internal.de https://fonts.gstatic.com https://*.googleapis.com https://*.userlane.com https://cdn.pendo.io https://js-agent.newrelic.com https://bam.nr-data.net https://data.pendo.io https://player.vimeo.com https://*.cdn.pendo.io https://*.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://www.youtube-nocookie.com; img-src * data:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
content-encoding
UTF-8
content-length
43259
content-security-policy
report-uri https://nitrobox.personio.de/csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.personio.de https://*.personio-internal.de https://fonts.gstatic.com https://*.googleapis.com https://*.userlane.com https://cdn.pendo.io https://js-agent.newrelic.com https://bam.nr-data.net https://data.pendo.io https://player.vimeo.com https://*.cdn.pendo.io https://*.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://www.youtube-nocookie.com; img-src * data:;
content-type
text/html
date
Tue, 20 Jun 2023 03:34:24 GMT
report-to
{"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"https://nitrobox.personio.de/csp-reports"}],"include_subdomains":true}
server
AmazonS3
strict-transport-security
max-age=31536000
via
1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
x-amz-cf-id
CX_IAGONyi4YaVEu0MTzUWlxxTJx17rpx1XT2zBn31CByQ93b0elPg==
x-amz-cf-pop
FRA2-C1
x-amz-id-2
6CSk8AHAX/p7dex9h06KgAbVAR85BDEqvnpHXvhi+IUQOue9ZKWb84AF9ohGXEkIXRU9JJ9gmHQ=
x-amz-request-id
C16AETYS885PAWE6
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

content-length
162
content-type
text/html
date
Tue, 20 Jun 2023 03:34:24 GMT
location
https://nitrobox.jobs.personio.de
strict-transport-security
max-age=15724800; includeSubDomains
styles.ed32b982ea9facd93534.css
assets.cdn.personio.de/jobs/v2/min/css/ 		256 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/css/styles.ed32b982ea9facd93534.css
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
541f2620fc991e024ff87125954492ecd21fa1a51dc2e9a8850a4480bd9d53d8
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://nitrobox.jobs.personio.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 04:42:22 GMT
content-encoding
gzip
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
age
82324
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Fri, 16 Jun 2023 14:36:29 GMT
server
AmazonS3
etag
W/"1fafcc41eae423212314fe94a1bbff9e"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
text/css
cache-control
max-age=2592000,public,must-revalidate
timing-allow-origin
*
x-amz-cf-id
RmecjnZ4QzGJnc0YCwdvSn-BWdVdsTLBOrHDG4Us4pcv3Lmm1RGM_w==
roboto.css
assets.cdn.personio.de/fonts/ 		27 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/fonts/roboto.css
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2f0304205fbe14f86aebe40a20a0b08f7833e81d919af44af61c1f9106a7f21a
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://nitrobox.jobs.personio.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 04:39:14 GMT
content-encoding
gzip
x-amz-cf-pop
FRA6-C1
age
82512
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Mon, 05 Dec 2022 12:43:32 GMT
server
AmazonS3
etag
W/"311aa83b14b6987cebd148ba8ed47d88"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
text/css
timing-allow-origin
*
x-amz-cf-id
IHsW1eVkO6BfvS9o33LldUfEfCDTaOkaUHFDIE-7uuKrDtl1KyYp1Q==
387703d3f10a8142dce9f39f9b8524c3.png
assets.cdn.personio.de/logos/389/social/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.cdn.personio.de/logos/389/social/387703d3f10a8142dce9f39f9b8524c3.png
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e84f56873aaffcfc31a81110dcf02c202d1011cc099d2aa0a2ca08af0eb80a1d
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 14:22:49 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
47497
x-cache
Hit from cloudfront
content-length
5648
x-xss-protection
1
last-modified
Wed, 30 Nov 2022 02:45:07 GMT
server
AmazonS3
etag
"36a4d825ce0ad94266acdc4a46f5d7b6"
x-frame-options
DENY
vary
Origin
content-type
image/png
cache-control
max-age=2592000,public,must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
EYw8C9IRoBqLQkmsYazvYr0JvGJB7FTAZ0gruBpZEdFpPPgroMMfhw==
logo-personio-square-small.png
assets.cdn.personio.de/build/client/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.cdn.personio.de/build/client/img/logo-personio-square-small.png
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cc833c90072cc6c05cd6f3dc195ef443b0974b0b822a5edb6854bd3327dc30a3
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 17:21:36 GMT
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
36770
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1735
x-xss-protection
1
last-modified
Fri, 16 Jun 2023 14:36:26 GMT
server
AmazonS3
etag
"451b9aaf8bfaa0095a2cb5f2f5801b06"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
image/png
cache-control
max-age=2592000,public,must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
1C8I8VZWI8SA8osajXorwgZURyTcRp-a85r4v-Wtmnm5Pk5fW3ZKHA==
load_assets.886f886c7fa367610546.js
assets.cdn.personio.de/jobs/v2/min/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/js/load_assets.886f886c7fa367610546.js
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3668ff3e88b6607f95dec89b87537aed4b4529a4640b50bce828347b4ce2e18a
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 04:25:39 GMT
content-encoding
gzip
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
age
83327
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Mon, 12 Jun 2023 16:00:27 GMT
server
AmazonS3
etag
W/"2a258b585fe822761775d654ba3931da"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=2592000,public,must-revalidate
timing-allow-origin
*
x-amz-cf-id
d2xoAcHqJFkvbz0wSUMZHrtMknQQuux9NcH-oqWL_ARJ_YH1cgtEJQ==
322334e6c99f202601f0970cf112240dpng
assets.cdn.personio.de/career-site/header/389/ 		257 KB
258 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.cdn.personio.de/career-site/header/389/322334e6c99f202601f0970cf112240dpng
Requested by
Host: nitrobox.jobs.personio.de
URL: https://nitrobox.jobs.personio.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45460e0639ed50fbe5c3b574c411eb154485c924c0cd5b1fc96f9fc3373738e4
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://nitrobox.jobs.personio.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Tue, 20 Jun 2023 03:34:26 GMT
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
content-length
262884
x-xss-protection
1
last-modified
Wed, 30 Nov 2022 01:31:28 GMT
server
AmazonS3
etag
"322334e6c99f202601f0970cf112240d"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
image/png
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
fgxS5-2LeLqzw7NP1jzcJiiWB8tCOExsMDMUC-VSZm8oXe1f2gsL5w==
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e406047e2f128fd8409dac120713e9618d97cfdbc1b1bbb82d7fc2277495628

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
we-are-hiring.cdn.personio.de/fonts/roboto/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://we-are-hiring.cdn.personio.de/fonts/roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/fonts/roboto.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://assets.cdn.personio.de/
Origin
https://nitrobox.jobs.personio.de
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 09:44:12 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
64214
x-cache
Hit from cloudfront
content-length
11040
x-xss-protection
1
last-modified
Mon, 05 Dec 2022 12:43:32 GMT
server
AmazonS3
etag
"5e22a46c04d947a36ea0cad07afcc9e1"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
https://nitrobox.jobs.personio.de
x-frame-options
DENY
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
37jSpsdfGti1cGaBG1iSwSwyQwoXUomRxM3YJr1Wo6xFmjP9_KDuTg==
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
we-are-hiring.cdn.personio.de/fonts/roboto/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://we-are-hiring.cdn.personio.de/fonts/roboto/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/fonts/roboto.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://assets.cdn.personio.de/
Origin
https://nitrobox.jobs.personio.de
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 09:44:12 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
64214
x-cache
Hit from cloudfront
content-length
11072
x-xss-protection
1
last-modified
Mon, 05 Dec 2022 12:43:32 GMT
server
AmazonS3
etag
"e7df3d0942815909add8f9d0c40d00d9"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
https://nitrobox.jobs.personio.de
x-frame-options
DENY
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
HBSLkdzZ9kTcpiZ_CS1gkjngLC0IJIyESPDddTuzjiBI6zWoiCmmqA==
fa-solid-900.woff2
assets.cdn.personio.de/jobs/v2/min/css/fonts/ 		49 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/css/fonts/fa-solid-900.woff2
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/css/styles.ed32b982ea9facd93534.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cbbca7d9888b4a9eab7d479756d2924f9b067fd38dab376797029df741f96ee4
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://assets.cdn.personio.de/jobs/v2/min/css/styles.ed32b982ea9facd93534.css
Origin
https://nitrobox.jobs.personio.de
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 09:44:12 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
64214
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
50372
x-xss-protection
1
last-modified
Mon, 19 Jun 2023 07:17:07 GMT
server
AmazonS3
etag
"8a8c0474283e0d9ef41743e5e486bf05"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
https://nitrobox.jobs.personio.de
cache-control
max-age=2592000,public,must-revalidate
access-control-allow-credentials
true
x-frame-options
DENY
accept-ranges
bytes
timing-allow-origin
*
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
s-agtasKgliO-K7YYfFHqVWWHBWspSLB_HahoDBSHsPeOYKzSxkWqg==
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
we-are-hiring.cdn.personio.de/fonts/roboto/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://we-are-hiring.cdn.personio.de/fonts/roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/fonts/roboto.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://assets.cdn.personio.de/
Origin
https://nitrobox.jobs.personio.de
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 19 Jun 2023 09:44:12 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
64214
x-cache
Hit from cloudfront
content-length
11028
x-xss-protection
1
last-modified
Mon, 05 Dec 2022 12:43:33 GMT
server
AmazonS3
etag
"1f6d3cf6d38f25d83d95f5a800b8cac3"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
https://nitrobox.jobs.personio.de
x-frame-options
DENY
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_83xUYBxCrbmbzpxm9Ub8gJzIfqrb8Pi7hIfyfFHWwpn_ck50dcrgw==
rev-manifest.json
assets.cdn.personio.de/jobs/v2/ 		464 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/rev-manifest.json
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/js/load_assets.886f886c7fa367610546.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a32da17a82ee102fad4746a72fa93b5fc203685fe2afbbf4397e1f250cd903a1
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 20 Jun 2023 03:34:26 GMT
content-security-policy
default-src *.personio.de
x-content-type-options
nosniff
strict-transport-security
max-age=3600
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
464
x-xss-protection
1
last-modified
Mon, 19 Jun 2023 14:09:23 GMT
server
AmazonS3
etag
"c624f6cc2df6c9c5bd9ddf81f98529ae"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://nitrobox.jobs.personio.de
cache-control
no-store, max-age=0
access-control-allow-credentials
true
x-frame-options
DENY
accept-ranges
bytes
timing-allow-origin
*
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
zjg56lR1qLQ4HfKdq_j5M_qPzWw2dECnMOmlqhOfLOIz-dSd2i_kDg==
vendor.BkQyEnTk2.js
assets.cdn.personio.de/jobs/v2/min/js/ 		431 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/js/vendor.BkQyEnTk2.js
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/js/load_assets.886f886c7fa367610546.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
efad9cf420cc859ae171aa66a1f6a87f7f34766018838a24a12502c5e662664b
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 04:35:46 GMT
content-encoding
gzip
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
age
82720
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Mon, 12 Jun 2023 16:00:27 GMT
server
AmazonS3
etag
W/"92f5fbc7aee608e46f4f339ae50d6599"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=2592000,public,must-revalidate
timing-allow-origin
*
x-amz-cf-id
8bJaDb6gfmcCtGS_RRfAO8RUCNuRHzBBqc5oSEHLP3SO8ajpXtU8Og==
scripts.df5bb1715c2407eb1bf3.js
assets.cdn.personio.de/jobs/v2/min/js/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/js/scripts.df5bb1715c2407eb1bf3.js
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/js/load_assets.886f886c7fa367610546.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b3628ccfb81508e562a340602e330617f4642ac5ec631fd9f110e855af5014
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Tue, 20 Jun 2023 02:51:01 GMT
content-encoding
gzip
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
age
2605
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Fri, 16 Jun 2023 14:36:29 GMT
server
AmazonS3
etag
W/"fb034b63fb9908aa29c8abc8cbf35013"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=2592000,public,must-revalidate
timing-allow-origin
*
x-amz-cf-id
Br2lJZBA0mo2j0ujKG-9rP6tbogbPs4qeymhy4Pe-E5Zm4HClc4zQQ==
jobs_list.60aab5465b9c97264205.js
assets.cdn.personio.de/jobs/v2/min/js/ 		50 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.cdn.personio.de/jobs/v2/min/js/jobs_list.60aab5465b9c97264205.js
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/js/load_assets.886f886c7fa367610546.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4e00:1f:614b:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
64181ee4e8276690dcd3e5911227da1786dc055bfaec4b4feedb75965686747a
Security Headers
Name Value
Content-Security-Policy default-src *.personio.de
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src *.personio.de
strict-transport-security
max-age=3600
x-content-type-options
nosniff
date
Mon, 19 Jun 2023 04:38:02 GMT
content-encoding
gzip
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
age
82584
x-cache
Hit from cloudfront
x-xss-protection
1
last-modified
Mon, 12 Jun 2023 16:00:27 GMT
server
AmazonS3
etag
W/"eb23c96816d039e18a67e16f102d137d"
x-frame-options
DENY
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=2592000,public,must-revalidate
timing-allow-origin
*
x-amz-cf-id
p7LV6gVPfjgAM_8xYFbI3y7QGdUswyP8pczE6LDuVPyhGaG5Ij8XWg==
search.json
nitrobox.jobs.personio.de/ 		17 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://nitrobox.jobs.personio.de/search.json
Requested by
Host: assets.cdn.personio.de
URL: https://assets.cdn.personio.de/jobs/v2/min/js/jobs_list.60aab5465b9c97264205.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:1c00:6:9821:c840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7d5ee83e85a1aef5c7ed63e58807687661b5be680a48f05ca0bf85eb75e5f4b7
Security Headers
Name Value
Content-Security-Policy report-uri https://nitrobox.personio.de/csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.personio.de https://*.personio-internal.de https://fonts.gstatic.com https://*.googleapis.com https://*.userlane.com https://cdn.pendo.io https://js-agent.newrelic.com https://bam.nr-data.net https://data.pendo.io https://player.vimeo.com https://*.cdn.pendo.io https://*.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://www.youtube-nocookie.com; img-src * data:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 20 Jun 2023 03:34:26 GMT
x-amz-version-id
NWGNCEhXp1vH3Zy31BHzrOlF1zt3eXHh
x-content-type-options
nosniff
content-security-policy
report-uri https://nitrobox.personio.de/csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.personio.de https://*.personio-internal.de https://fonts.gstatic.com https://*.googleapis.com https://*.userlane.com https://cdn.pendo.io https://js-agent.newrelic.com https://bam.nr-data.net https://data.pendo.io https://player.vimeo.com https://*.cdn.pendo.io https://*.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://www.youtube-nocookie.com; img-src * data:;
content-encoding
gzip
strict-transport-security
max-age=31536000
x-amz-request-id
ZZ7843MT16SQ1GK6
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
via
1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-id-2
DmQOqFMUbNyl5pfdT2hqJBJcWehc4jUalPPuVnUn2i7yW3EUogNHUWZbW8Qc542Y+YkgFRlwviD5CZaT7D63VQ==
x-xss-protection
1; mode=block
last-modified
Wed, 14 Jun 2023 14:21:36 GMT
server
AmazonS3
etag
W/"2e06c9a614208477906728f70bce324a"
vary
Accept-Encoding
report-to
{"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"https://nitrobox.personio.de/csp-reports"}],"include_subdomains":true}
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
x-amz-cf-id
99lpu6xst0YP3ZlO6jV-ifWirsztkqrtwNsooSXN7Hxo9v9YYwnxcA==

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| version function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Emitter function| Dropzone function| without function| camelize function| detectVerticalSquash function| drawImageIOSFix function| ExifRestore function| contentLoaded function| __guard__ function| __guardMethod__ function| $ function| jQuery object| Popper number| uidEvent object| bootstrap function| moment function| lunr

1 Cookies

Domain/Path Name / Value
nitrobox.jobs.personio.de/ Name: locale
Value: en

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri https://nitrobox.personio.de/csp-reports; report-to csp-endpoint; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.personio.de https://*.personio-internal.de https://fonts.gstatic.com https://*.googleapis.com https://*.userlane.com https://cdn.pendo.io https://js-agent.newrelic.com https://bam.nr-data.net https://data.pendo.io https://player.vimeo.com https://*.cdn.pendo.io https://*.stripe.com https://api.gohiring.com https://tracking.gohiring.com https://stackpath.bootstrapcdn.com https://personio.zendesk.com https://app.pendo.io https://www.youtube.com https://www.youtube-nocookie.com; img-src * data:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block