urlscan.io logo urlscan.io
SecurityTrails logo

menu.orderup.ai Open in urlscan Pro
18.188.150.76  Public Scan

Go To Rescan Add Verdict Report
URL: https://menu.orderup.ai/merchant/jnegJYdw
Submission: On November 12 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 26 HTTP transactions. The main IP is 18.188.150.76, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is menu.orderup.ai.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 16th 2023. Valid for: a year.
This is the only time menu.orderup.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

4    18.188.150.76 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-188-150-76.us-east-2.compute.amazonaws.com
menu.orderup.ai
1    2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
3    151.101.64.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
4    18.224.160.76 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-224-160-76.us-east-2.compute.amazonaws.com
api.orderup.ai
2    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
2    2600:9000:206f:d400:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
m.stripe.network
1    44.239.50.123 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-50-123.us-west-2.compute.amazonaws.com
m.stripe.com
2    52.219.177.97 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3.us-east-2.amazonaws.com
s3.us-east-2.amazonaws.com
Apex Domain
Subdomains		 Transfer
8 orderup.ai
menu.orderup.ai
api.orderup.ai
3 MB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1287
q.stripe.com — Cisco Umbrella Rank: 7148
m.stripe.com — Cisco Umbrella Rank: 1249
157 KB
2 amazonaws.com
s3.us-east-2.amazonaws.com
103 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1354
16 KB
2 gstatic.com
fonts.gstatic.com
32 KB
2 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2462
308 B
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
2 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
88 KB
26 8
Domain Requested by
4 api.orderup.ai menu.orderup.ai
4 menu.orderup.ai menu.orderup.ai
3 q.stripe.com menu.orderup.ai
3 js.stripe.com menu.orderup.ai
js.stripe.com
2 s3.us-east-2.amazonaws.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 fonts.gstatic.com fonts.googleapis.com
2 region1.google-analytics.com www.googletagmanager.com
2 fonts.googleapis.com menu.orderup.ai
1 m.stripe.com m.stripe.network
1 www.googletagmanager.com menu.orderup.ai
26 11

This site contains no links.

Subject Issuer Validity Valid
menu.orderup.ai
Amazon RSA 2048 M01		 2023-02-16 -
2024-03-17		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-30 -
2024-01-25		 3 months crt.sh
api.orderup.ai
Amazon RSA 2048 M01		 2023-02-16 -
2024-03-17		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-10-09 -
2024-01-18		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-05 -
2024-01-18		 3 months crt.sh
*.s3.us-east-2.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-17		 a year crt.sh

This page contains 3 frames:

Primary Page: https://menu.orderup.ai/merchant/jnegJYdw
Frame ID: B0335BE6B7C59845A7B77F4CA96FA756
Requests: 16 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: 0256DC8A21CA9B00F86B0BE06BD503A5
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 51DFBD8647FB91C6B613C8ACA852F4C2
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OrderUp

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

26
Requests

100 %
HTTPS

45 %
IPv6

8
Domains

11
Subdomains

11
IPs

2
Countries

3812 kB
Transfer

4452 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request jnegJYdw
menu.orderup.ai/merchant/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.188.150.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-188-150-76.us-east-2.compute.amazonaws.com
Software
nginx/1.21.6 /
Resource Hash
10e9672ddfe24959a84b5054699febcba5952f1aa090e01960a750529ea3853d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
1202
content-type
text/html
date
Sun, 12 Nov 2023 00:36:06 GMT
etag
"6447360f-4b2"
last-modified
Tue, 25 Apr 2023 02:08:15 GMT
server
nginx/1.21.6
js
www.googletagmanager.com/gtag/ 		260 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RN4K28V3VK
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2208b484ddbaec67586c7875076137c7aae080a4a4603e6b64938489dcacf0f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 00:36:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
89679
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 12 Nov 2023 00:36:06 GMT
css
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 12 Nov 2023 00:36:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 11 Nov 2023 23:37:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 12 Nov 2023 00:36:06 GMT
icon
fonts.googleapis.com/ 		569 B
439 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 12 Nov 2023 00:36:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 00:36:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 12 Nov 2023 00:36:06 GMT
vendors-6866b96d6e58f469a7bc.js
menu.orderup.ai/assets/js/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://menu.orderup.ai/assets/js/vendors-6866b96d6e58f469a7bc.js
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.188.150.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-188-150-76.us-east-2.compute.amazonaws.com
Software
nginx/1.21.6 /
Resource Hash
bc7256b1ff78a17367bfc4adecbb193a05d5309b96c2f49180009bc1ec4c5516

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/merchant/jnegJYdw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 00:36:06 GMT
last-modified
Tue, 25 Apr 2023 02:08:15 GMT
server
nginx/1.21.6
accept-ranges
bytes
etag
"6447360f-2cc5ea"
content-length
2934250
content-type
application/javascript
source-d02ef9ef622573f0e461.js
menu.orderup.ai/assets/js/ 		350 KB
351 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://menu.orderup.ai/assets/js/source-d02ef9ef622573f0e461.js
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.188.150.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-188-150-76.us-east-2.compute.amazonaws.com
Software
nginx/1.21.6 /
Resource Hash
598d83c71a562c563d23062f80e561e4467bbc7c01cb8f36bae5eb55a4fc39bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/merchant/jnegJYdw
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 00:36:06 GMT
last-modified
Tue, 25 Apr 2023 02:08:15 GMT
server
nginx/1.21.6
accept-ranges
bytes
etag
"6447360f-577f3"
content-length
358387
content-type
application/javascript
collect
region1.google-analytics.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RN4K28V3VK&gtm=45je3b81v897928317&_p=1699749366761&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=658664716.1699749367&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699749366&sct=1&seg=0&dl=https%3A%2F%2Fmenu.orderup.ai%2Fmerchant%2FjnegJYdw&dt=OrderUp&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=884
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RN4K28V3VK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 12 Nov 2023 00:36:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://menu.orderup.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v3
js.stripe.com/ 		552 KB
153 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/assets/js/vendors-6866b96d6e58f469a7bc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
97ad5db971366096746a029a6060f3c0b1e478192c8f86e3d81207590afd7dd8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sun, 12 Nov 2023 00:36:09 GMT
via
1.1 varnish
age
51
x-cache
HIT
content-length
156367
x-request-id
b03df18d-a39f-4762-af80-93b3dc01e063
x-served-by
cache-fra-eddf8230084-FRA
last-modified
Fri, 10 Nov 2023 21:40:35 GMT
server
Fastly
etag
"ded59f1f2f98aff73b8768101c88a305"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
12
graphql
api.orderup.ai/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.orderup.ai/graphql
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.160.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-160-76.us-east-2.compute.amazonaws.com
Software
curveball/0.19.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://menu.orderup.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type User-Agent Authorization Accept Prefer Prefer-Push Link Location SeatSessionID X-Actor-Token
access-control-allow-methods
DELETE GET PATCH POST PUT
access-control-allow-origin
https://menu.orderup.ai
access-control-expose-headers
Location Link
content-length
0
content-type
application/hal+json
date
Sun, 12 Nov 2023 00:36:09 GMT
server
curveball/0.19.0
graphql
api.orderup.ai/ 		260 B
914 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.orderup.ai/graphql
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/assets/js/vendors-6866b96d6e58f469a7bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.160.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-160-76.us-east-2.compute.amazonaws.com
Software
curveball/0.19.0 /
Resource Hash
a17e254c2566fb173dd12a33aacafb70c5268a681cf0c10202d171c874f534f8

Request headers

accept
*/*
Referer
https://menu.orderup.ai/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type
application/json

Response headers

date
Sun, 12 Nov 2023 00:36:10 GMT
server
curveball/0.19.0
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT
content-type
application/json
access-control-allow-origin
https://menu.orderup.ai
access-control-expose-headers
Location, Link
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, User-Agent, Authorization, Accept, Prefer, Prefer-Push, Link, Location, SeatSessionID, X-Actor-Token
content-length
260
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://menu.orderup.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 04:06:52 GMT
x-content-type-options
nosniff
age
160157
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 04:06:52 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://menu.orderup.ai
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 15:18:02 GMT
x-content-type-options
nosniff
age
119887
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 09 Nov 2024 15:18:02 GMT
m-outer-27c67c0d52761104439bb051c7856ab1.html
js.stripe.com/v3/ Frame 0256 		200 B
817 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://menu.orderup.ai/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
5541090
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sun, 12 Nov 2023 00:36:09 GMT
etag
"27c67c0d52761104439bb051c7856ab1"
last-modified
Fri, 08 Sep 2023 21:23:50 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
592303
x-content-type-options
nosniff
x-request-id
a0148b8a-23d2-4b8a-8529-72031776eba8
x-served-by
cache-fra-eddf8230084-FRA
m-outer-6576085ca35ee42f2f484cda6763e4aa.js
js.stripe.com/v3/fingerprinted/js/ Frame 0256 		631 B
533 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sun, 12 Nov 2023 00:36:09 GMT
via
1.1 varnish
age
5541091
x-cache
HIT
content-length
399
x-request-id
7b1634d0-502d-49e2-aeca-aae57eb9f56e
x-served-by
cache-fra-eddf8230084-FRA
last-modified
Fri, 08 Sep 2023 21:23:49 GMT
server
Fastly
etag
"70cacf09ae81711ac6dcbc5ee59750c4"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
566302
csp-report
q.stripe.com/ Frame 0256 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 12 Nov 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1699749369846083
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1699749369845483
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 0256 		0
717 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 12 Nov 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1699749369846094
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1699749369845508
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame 51DF 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:d400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
243
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sun, 12 Nov 2023 00:32:07 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
x-amz-cf-id
uE0p5Qu-ZQ-ZlZqnuW1wc9z1d5pPvYyJlGOXldq_btS9JmhuQCFyow==
x-amz-cf-pop
FRA56-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame 51DF 		0
490 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/merchant/jnegJYdw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 12 Nov 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1699749369846083
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
0
x-stripe-client-envoy-start-time-us
1699749369845562
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame 51DF 		87 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:d400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 00:34:00 GMT
content-encoding
br
via
1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
129
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
FRA56-C1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
gHKa8HpsVbLK4I4cEiCD5GYNukyydGBxvoQNQa9Rs1-SJilusWEC6g==
6
m.stripe.com/ Frame 51DF 		156 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.239.50.123 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-239-50-123.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
45c6989d55d99d0e408cbfea87e88139da0231037991e8db472abe2cbf1eb236
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Sun, 12 Nov 2023 00:36:10 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1699749370246409
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1699749370246097
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
logo.jpeg
s3.us-east-2.amazonaws.com/img.alpaca.orderup.ai/merchant_44/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/img.alpaca.orderup.ai/merchant_44/logo.jpeg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.177.97 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
121217d9a0e2a42942f6f55c1c4e194af11cd39d6ac47aa007fdf2a0c1f74353

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Sun, 12 Nov 2023 00:36:11 GMT
Last-Modified
Mon, 19 Dec 2022 20:10:30 GMT
Server
AmazonS3
x-amz-request-id
VB1W0X862TFFD7AR
ETag
"f0f9961f2d4fb4cdb13e7942707dfe39"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
28298
x-amz-id-2
KYN5JnBbP9zkoBPD5Mb0ySiIx2+ZGHtrQjhgSCgbnW5156c+w9g3ie89OuqSrNJyyOOYcrf6ci0=
food-pattern-neutral-shade.png
menu.orderup.ai/assets/images/ 		141 KB
142 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://menu.orderup.ai/assets/images/food-pattern-neutral-shade.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.188.150.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-188-150-76.us-east-2.compute.amazonaws.com
Software
nginx/1.21.6 /
Resource Hash
c89cc4c68a94e3a27d8b830d95fcc67ba43846ce5e4b758e21503aa504c28767

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/44/takeout
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 00:36:10 GMT
last-modified
Tue, 25 Apr 2023 02:08:15 GMT
server
nginx/1.21.6
accept-ranges
bytes
etag
"6447360f-235fa"
content-length
144890
content-type
image/png
graphql
api.orderup.ai/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.orderup.ai/graphql
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.160.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-160-76.us-east-2.compute.amazonaws.com
Software
curveball/0.19.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://menu.orderup.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type User-Agent Authorization Accept Prefer Prefer-Push Link Location SeatSessionID X-Actor-Token
access-control-allow-methods
DELETE GET PATCH POST PUT
access-control-allow-origin
https://menu.orderup.ai
access-control-expose-headers
Location Link
content-length
0
content-type
application/hal+json
date
Sun, 12 Nov 2023 00:36:10 GMT
server
curveball/0.19.0
graphql
api.orderup.ai/ 		49 KB
50 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.orderup.ai/graphql
Requested by
Host: menu.orderup.ai
URL: https://menu.orderup.ai/assets/js/vendors-6866b96d6e58f469a7bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.160.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-160-76.us-east-2.compute.amazonaws.com
Software
curveball/0.19.0 /
Resource Hash
93fdaa297d62bcf498613f6ee04ab7902cc6c87641528a4aa2f7e0d955a9680b

Request headers

accept
*/*
Referer
https://menu.orderup.ai/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type
application/json

Response headers

date
Sun, 12 Nov 2023 00:36:11 GMT
server
curveball/0.19.0
access-control-allow-methods
DELETE, GET, PATCH, POST, PUT
content-type
application/json
access-control-allow-origin
https://menu.orderup.ai
access-control-expose-headers
Location, Link
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, User-Agent, Authorization, Accept, Prefer, Prefer-Push, Link, Location, SeatSessionID, X-Actor-Token
content-length
50647
header.jpeg
s3.us-east-2.amazonaws.com/img.production.orderup.ai/merchant_44/ 		75 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/img.production.orderup.ai/merchant_44/header.jpeg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.177.97 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
e32576e7935bf91c4c90290b6078fb3cd0d71efa759b5903792684d9486fb04c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://menu.orderup.ai/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Sun, 12 Nov 2023 00:36:13 GMT
Last-Modified
Mon, 07 Jun 2021 13:56:23 GMT
Server
AmazonS3
x-amz-request-id
JFYPMH6GH17ZPN69
ETag
"e5d631bdc47350cb6c553828cb8930a3"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
76882
x-amz-id-2
h6u38f3/PXw3GX1FQ0MExBFNzr6ajxorL/FZfE843KKhUyAkaMsFPk+aH9GX5bYjz38Arfij7NU=
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RN4K28V3VK&gtm=45je3b81v897928317&_p=1699749366761&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=658664716.1699749367&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&sid=1699749366&sct=1&seg=1&dl=https%3A%2F%2Fmenu.orderup.ai%2Fmerchant%2FjnegJYdw&dt=OrderUp&_s=2&tfd=6126
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RN4K28V3VK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://menu.orderup.ai/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 12 Nov 2023 00:36:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://menu.orderup.ai
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| gtag object| dataLayer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| webpackChunk_orderup_menu function| _ object| __SENTRY__ object| webpackChunkStripeJSouter function| noop function| Stripe

7 Cookies

Domain/Path Name / Value
.orderup.ai/ Name: _ga
Value: GA1.1.658664716.1699749367
.orderup.ai/ Name: mp_4ba76360a363f65b03ef36eead4e444c_mixpanel
Value: %7B%22distinct_id%22%3A%20%2218bc0f5145963c-02b6f0a5d6ed31-66385e53-1d4c00-18bc0f5145ab5d%22%2C%22%24device_id%22%3A%20%2218bc0f5145963c-02b6f0a5d6ed31-66385e53-1d4c00-18bc0f5145ab5d%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22path%22%3A%20%22%2F44%2Ftakeout%22%2C%22merchantId%22%3A%20%2244%22%7D
m.stripe.com/ Name: m
Value: 19eacf7d-e591-43b2-93b0-28c3d71ae82c7b04ac
.menu.orderup.ai/ Name: __stripe_mid
Value: 2d375783-2fc7-475f-8121-245586a4c28b7413b2
.menu.orderup.ai/ Name: __stripe_sid
Value: 42ceec88-d9be-4e74-ab21-0b1f9505dd01ecf80a
.orderup.ai/ Name: _ga_RN4K28V3VK
Value: GS1.1.1699749366.1.1.1699749371.0.0.0
api.orderup.ai/ Name: CB
Value: 8EbJzSlsPHb6aiM1ksIswpVUUiL2IRzzGYRb3HiiAmA%3D

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.orderup.ai
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
menu.orderup.ai
q.stripe.com
region1.google-analytics.com
s3.us-east-2.amazonaws.com
www.googletagmanager.com
151.101.64.176
18.188.150.76
18.224.160.76
2001:4860:4802:32::36
2600:9000:206f:d400:19:7d10:bd80:93a1
2a00:1450:4001:802::200a
2a00:1450:4001:80e::2003
2a00:1450:4001:811::2008
44.239.50.123
52.219.177.97
54.187.119.242
10e9672ddfe24959a84b5054699febcba5952f1aa090e01960a750529ea3853d
121217d9a0e2a42942f6f55c1c4e194af11cd39d6ac47aa007fdf2a0c1f74353
2208b484ddbaec67586c7875076137c7aae080a4a4603e6b64938489dcacf0f0
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
45c6989d55d99d0e408cbfea87e88139da0231037991e8db472abe2cbf1eb236
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
598d83c71a562c563d23062f80e561e4467bbc7c01cb8f36bae5eb55a4fc39bf
886e1e675050878cd1710ba030a7787613e5bbbe02a2b099683306c16ac8c8cd
93fdaa297d62bcf498613f6ee04ab7902cc6c87641528a4aa2f7e0d955a9680b
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
97ad5db971366096746a029a6060f3c0b1e478192c8f86e3d81207590afd7dd8
a17e254c2566fb173dd12a33aacafb70c5268a681cf0c10202d171c874f534f8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bc7256b1ff78a17367bfc4adecbb193a05d5309b96c2f49180009bc1ec4c5516
c89cc4c68a94e3a27d8b830d95fcc67ba43846ce5e4b758e21503aa504c28767
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e32576e7935bf91c4c90290b6078fb3cd0d71efa759b5903792684d9486fb04c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615