apple.oneye.us Open in urlscan Pro
38.95.11.236 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://apple.oneye.us/
Submission Tags: @phishunt_io
Submission: On January 19 via api (January 19th 2023, 6:24:48 pm UTC) from DE — Scanned from US

Summary HTTP 16 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 38.95.11.236, located in Kissimmee, United States and belongs to COGENT-174, US. The main domain is apple.oneye.us.
TLS certificate: Issued by R3 on January 19th 2023. Valid for: 3 months.

This is the only time apple.oneye.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1	38.95.11.236 38.95.11.236		174 (COGENT-174) (COGENT-174)
16	2

1 38.95.11.236 (Kissimmee, United States)

ASN174 (COGENT-174, US)

apple.oneye.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	oneye.us apple.oneye.us	102 KB
16	1

	Domain	Requested by
1	apple.oneye.us	apple.oneye.us
16	1

This site contains links to these domains. Also see Links.

Domain
support.apple.oneye.us
wallet.apple.oneye.us
appleid.apple.oneye.us
www.icloud.com
apps.apple.oneye.us
investor.apple.oneye.us
locate.apple.oneye.us

Subject Issuer	Validity	Valid
apple.oneye.us R3	`2023-01-19` - `2023-04-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://apple.oneye.us/
Frame ID: 9C3CC45F3F9CC31990E874AD25D7B818
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Apple

Detected technologies

Cart Functionality (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

<a[^>]*href=[^>]*/Bag

Page Statistics

16
Requests

6 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

102 kB
Transfer

101 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://support.apple.oneye.us/
Title: Support

Search URL Search Domain Scan URL

URL: https://wallet.apple.oneye.us/apple-card/setup/feature/ccs?referrer=cid%3Dapy-200-100018
Title: Apply now

Search URL Search Domain Scan URL

URL: https://support.apple.oneye.us/kb/HT209218
Title: support.apple.oneye.us/kb/HT209218

Search URL Search Domain Scan URL

URL: https://appleid.apple.oneye.us/us/
Title: Manage Your Apple ID

Search URL Search Domain Scan URL

URL: https://www.icloud.com/
Title: iCloud.com

Search URL Search Domain Scan URL

URL: https://apps.apple.oneye.us/us/app/apple-store/id375380948
Title: Apple Store App

Search URL Search Domain Scan URL

URL: https://investor.apple.oneye.us/
Title: Investors

Search URL Search Domain Scan URL

URL: https://locate.apple.oneye.us/
Title: other retailer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
apple.oneye.us/ 101 KB
102 KB 348ms
227ms Document
text/html 38.95.11.236
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://apple.oneye.us/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

38.95.11.236 Kissimmee, United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

openresty/1.21.4.1 /

Resource Hash

9df5fba53b097470ca4eaff24ad211b2037908f7098a94428783c80435bbc1bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob: data: .akamaized.net .apple.com .apple-mapkit.com .cdn-apple.com .organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: .apple.com .apple-mapkit.com .cdn-apple.com .mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' .apple.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=50
Connection: keep-alive
Content-Security-Policy: default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Content-Type: text/html; charset=utf-8
Date: Thu, 19 Jan 2023 18:24:43 GMT
Expires: Thu, 19 Jan 2023 18:25:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: openresty/1.21.4.1
Strict-Transport-Security: max-age=31536000; includeSubdomains
Transfer-Encoding: chunked
X-Cache: TCP_MEM_HIT from a23-77-200-149.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-)
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

GET ac-globalnav.built.css
apple.oneye.us/ac/globalnav/7/en_US/styles/ 0
0

GET ac-localnav.built.css
apple.oneye.us/ac/localnav/6/styles/ 0
0

GET ac-globalfooter.built.css
apple.oneye.us/ac/globalfooter/7/en_US/styles/ 0
0

GET fonts
apple.oneye.us/wss/ 0
0

GET main.built.css
apple.oneye.us/v/home/ax/built/styles/ 0
0

GET head.built.js
apple.oneye.us/v/home/ax/built/scripts/ 0
0

GET ac-globalnav.built.js
apple.oneye.us/ac/globalnav/7/en_US/scripts/ 0
0

GET ac-analytics.js
apple.oneye.us/metrics/ac-analytics/2.16.1/scripts/ 0
0

GET ac-globalfooter.built.js
apple.oneye.us/ac/globalfooter/7/en_US/scripts/ 0
0

GET localeswitcher.built.js
apple.oneye.us/ac/localeswitcher/4/en_US/scripts/ 0
0

GET main.built.js
apple.oneye.us/v/home/ax/built/scripts/ 0
0

GET modal.css
apple.oneye.us/ac/ac-films/6.8.2/styles/ 0
0

GET autofilms.built.js
apple.oneye.us/ac/ac-films/6.8.2/scripts/ 0
0

GET data-relay.js
apple.oneye.us/metrics/data-relay/1.1.4/scripts/ 0
0

GET auto-relay.js
apple.oneye.us/metrics/data-relay/1.1.4/scripts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/globalnav/7/en_US/styles/ac-globalnav.built.css

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/localnav/6/styles/ac-localnav.built.css

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/globalfooter/7/en_US/styles/ac-globalfooter.built.css

Domain: apple.oneye.us
URL: https://apple.oneye.us/wss/fonts?families=SF+Pro,v3|SF+Pro+Icons,v3

Domain: apple.oneye.us
URL: https://apple.oneye.us/v/home/ax/built/styles/main.built.css

Domain: apple.oneye.us
URL: https://apple.oneye.us/v/home/ax/built/scripts/head.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/globalnav/7/en_US/scripts/ac-globalnav.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/metrics/ac-analytics/2.16.1/scripts/ac-analytics.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/globalfooter/7/en_US/scripts/ac-globalfooter.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/localeswitcher/4/en_US/scripts/localeswitcher.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/v/home/ax/built/scripts/main.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/ac-films/6.8.2/styles/modal.css

Domain: apple.oneye.us
URL: https://apple.oneye.us/ac/ac-films/6.8.2/scripts/autofilms.built.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/metrics/data-relay/1.1.4/scripts/data-relay.js

Domain: apple.oneye.us
URL: https://apple.oneye.us/metrics/data-relay/1.1.4/scripts/auto-relay.js

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| acTargetCustomSettings object| tvPlusHpData

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://apple.oneye.us/(Line 86) Message: Refused to load the stylesheet 'https://apple.oneye.us/ac/globalnav/7/en_US/styles/ac-globalnav.built.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/(Line 87) Message: Refused to load the stylesheet 'https://apple.oneye.us/ac/localnav/6/styles/ac-localnav.built.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/(Line 88) Message: Refused to load the stylesheet 'https://apple.oneye.us/ac/globalfooter/7/en_US/styles/ac-globalfooter.built.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/(Line 143) Message: Refused to load the stylesheet 'https://apple.oneye.us/wss/fonts?families=SF+Pro,v3\|SF+Pro+Icons,v3' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/(Line 144) Message: Refused to load the stylesheet 'https://apple.oneye.us/v/home/ax/built/styles/main.built.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/v/home/ax/built/scripts/head.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/ac/globalnav/7/en_US/scripts/ac-globalnav.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/metrics/ac-analytics/2.16.1/scripts/ac-analytics.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/ac/globalfooter/7/en_US/scripts/ac-globalfooter.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/ac/localeswitcher/4/en_US/scripts/localeswitcher.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/v/home/ax/built/scripts/main.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/(Line 1533) Message: Refused to load the stylesheet 'https://apple.oneye.us/ac/ac-films/6.8.2/styles/modal.css' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' *.apple.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/ac/ac-films/6.8.2/scripts/autofilms.built.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/metrics/data-relay/1.1.4/scripts/data-relay.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://apple.oneye.us/ Message: Refused to load the script 'https://apple.oneye.us/metrics/data-relay/1.1.4/scripts/auto-relay.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' blob: data: .akamaized.net .apple.com .apple-mapkit.com .cdn-apple.com .organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: .apple.com .apple-mapkit.com .cdn-apple.com .mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: .apple.com .apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' .apple.com
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apple.oneye.us
apple.oneye.us
38.95.11.236
9df5fba53b097470ca4eaff24ad211b2037908f7098a94428783c80435bbc1bd

apple.oneye.us Open in urlscan Pro 38.95.11.236 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

102 kBTransfer

101 kBSize

0 Cookies

8 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

15 Console Messages

Security Headers

Indicators

apple.oneye.us Open in urlscan Pro
38.95.11.236 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

102 kB
Transfer

101 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions