recovery.sweetbloods.org Open in urlscan Pro
51.161.57.15 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://recovery.sweetbloods.org/
Submission: On August 31 via automatic, source certstream-suspicious (August 31st 2023, 2:39:31 pm UTC) — Scanned from CA

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 51.161.57.15, located in Montreal, Canada and belongs to OVH, FR. The main domain is recovery.sweetbloods.org.
TLS certificate: Issued by R3 on August 31st 2023. Valid for: 3 months.

This is the only time recovery.sweetbloods.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	51.161.57.15 51.161.57.15	16276 (OVH) (OVH)
1	142.251.40.106 142.251.40.106	15169 (GOOGLE) (GOOGLE)
1	142.251.35.163 142.251.35.163	15169 (GOOGLE) (GOOGLE)
10	3

8 51.161.57.15 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: p110.lithium.hosting

recovery.sweetbloods.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.106 (Newark, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.163 (Marriottsville, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	sweetbloods.org recovery.sweetbloods.org	4 MB
1	gstatic.com fonts.gstatic.com	24 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	933 B
10	3

	Domain	Requested by
8	recovery.sweetbloods.org	recovery.sweetbloods.org
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	recovery.sweetbloods.org
10	3

This site contains links to these domains. Also see Links.

Domain
www.wlupress.wlu.ca

Subject Issuer	Validity	Valid
sweetbloods.org R3	`2023-08-31` - `2023-11-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://recovery.sweetbloods.org/
Frame ID: 0538658753458667FD137FB0AB58E34E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

E nâtamukw miyeyimuwin: Residential School Recovery Stories of the James Bay Cree

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

3637 kB
Transfer

3710 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wlupress.wlu.ca/Books/E/E-natamukw-miyeyimuwin
Title: Purchase

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
recovery.sweetbloods.org/ 4 KB
1 KB 656ms
39ms Document
text/html 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: 3eb29d1dd6771884fcd15c6a2420caee1a36766690e308532988580c3c591d37

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 1207
content-type: text/html
date: Thu, 31 Aug 2023 14:39:23 GMT
etag: "ef0-601cf0c8e8dcc-br"
last-modified: Mon, 31 Jul 2023 21:24:00 GMT
server: Apache
vary: Accept-Encoding
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
x-mod-pagespeed: Powered By pagespeed

GET
H2 404 fonts.css
recovery.sweetbloods.org/ 0
0 45ms
37ms Stylesheet
text/html 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/fonts.css
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
server: Apache
content-length: 315
content-type: text/html; charset=iso-8859-1

GET
H2 200 style.css
recovery.sweetbloods.org/ 16 KB
3 KB 48ms
39ms Stylesheet
text/css 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/style.css
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: fc73d86fc48db49601c8baf56c25eb882988e988cd72a7d03506a5116e5830db

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
content-encoding: br
last-modified: Thu, 17 Aug 2023 20:49:08 GMT
server: Apache
etag: "4084-603248b213f0f-br"
vary: Accept-Encoding
content-type: text/css
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 2958

GET
H2 200 jquery.js Show response
recovery.sweetbloods.org/ 88 KB
30 KB 74ms
65ms Script
application/javascript 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/jquery.js
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: c4ae5268bef77000a0b3d189ab188bcd5a819ed731d3e2577ff75e22a5ab37b7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
content-encoding: br
last-modified: Wed, 01 Mar 2023 23:16:08 GMT
server: Apache
etag: "15f5d-5f5dee5aaf0ed-br"
vary: Accept-Encoding
content-type: application/javascript
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 30431

GET
H2 200 bird2-light.png
recovery.sweetbloods.org/img/ 13 KB
13 KB 64ms
55ms Image
image/png 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recovery.sweetbloods.org/img/bird2-light.png
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: d16c62d21d407cec3782bf6de5ba189d5bec5f69e494642225d67bc1e0b3f634

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
last-modified: Mon, 24 Apr 2023 00:35:52 GMT
server: Apache
etag: "341c-5fa0a30669eb8"
content-type: image/png
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 13340

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
933 B 143ms
48ms Stylesheet
text/css 142.251.40.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=League+Spartan:wght@300;400;600&display=swap

Requested by

Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.106 Newark, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f10.1e100.net

Software

ESF /

Resource Hash

1f711384832b02fdd33528ff5694165d15b4e67af886f2e19cfdbdf06a8bd55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 31 Aug 2023 14:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 14:39:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 31 Aug 2023 14:39:23 GMT

GET
H2 200 book3b.png
recovery.sweetbloods.org/img/ 3 MB
3 MB 84ms
84ms Image
image/png 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://recovery.sweetbloods.org/img/book3b.png
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: 0741e729cedbfe8eac71dc570ce709486f80131d8282c0e1dc35c7c112db7b14

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://recovery.sweetbloods.org/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
last-modified: Tue, 30 May 2023 17:20:05 GMT
server: Apache
etag: "36887a-5fcec6a108d3d"
content-type: image/png
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 3573882

GET
H2 200 kJEqBuEW6A0lliaV_m88ja5TwvZwLZk.woff2
fonts.gstatic.com/s/leaguespartan/v11/ 24 KB
24 KB 200ms
41ms Font
font/woff2 142.251.35.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/leaguespartan/v11/kJEqBuEW6A0lliaV_m88ja5TwvZwLZk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=League+Spartan:wght@300;400;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.163 Marriottsville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f3.1e100.net

Software

sffe /

Resource Hash

7c5cfcbd829200ff3c2a547cdc10b61c27341e5af6b7a4434bbc6674e7b70b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://recovery.sweetbloods.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:22:21 GMT
x-content-type-options: nosniff
age: 472622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24064
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:09:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:22:21 GMT

GET
H2 200 Mathilga.woff2
recovery.sweetbloods.org/fonts/ 39 KB
39 KB 58ms
56ms Font
font/woff2 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/fonts/Mathilga.woff2
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: cef54cb70fe5422f7b0afc787a4b5473992c3773f1c23bddb4574795127fdb2a

Request headers

Referer: https://recovery.sweetbloods.org/style.css
Origin: https://recovery.sweetbloods.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
last-modified: Fri, 03 Mar 2023 19:06:39 GMT
server: Apache
etag: "9a5c-5f603a5228ea4"
content-type: font/woff2
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 39516

GET
H2 200 KelanoRemora.woff2
recovery.sweetbloods.org/fonts/ 34 KB
34 KB 73ms
71ms Font
font/woff2 51.161.57.15
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://recovery.sweetbloods.org/fonts/KelanoRemora.woff2
Requested by: Host: recovery.sweetbloods.org
URL: https://recovery.sweetbloods.org/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 51.161.57.15 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: p110.lithium.hosting
Software: Apache /
Resource Hash: 4dcfe1b588f9b3c4b9d7ab1123cc6749e5ed55823c5d88e442d4910f3cc9e538

Request headers

Referer: https://recovery.sweetbloods.org/style.css
Origin: https://recovery.sweetbloods.org
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 14:39:23 GMT
last-modified: Fri, 03 Mar 2023 19:06:39 GMT
server: Apache
etag: "8778-5f603a51e7ba1"
content-type: font/woff2
x-hosted-by: Lithium Hosting, llc - https://lithiumhosting.com
accept-ranges: bytes
content-length: 34680

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://recovery.sweetbloods.org/fonts.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
recovery.sweetbloods.org
142.251.35.163
142.251.40.106
51.161.57.15
0741e729cedbfe8eac71dc570ce709486f80131d8282c0e1dc35c7c112db7b14
1f711384832b02fdd33528ff5694165d15b4e67af886f2e19cfdbdf06a8bd55e
3eb29d1dd6771884fcd15c6a2420caee1a36766690e308532988580c3c591d37
4dcfe1b588f9b3c4b9d7ab1123cc6749e5ed55823c5d88e442d4910f3cc9e538
7c5cfcbd829200ff3c2a547cdc10b61c27341e5af6b7a4434bbc6674e7b70b66
c4ae5268bef77000a0b3d189ab188bcd5a819ed731d3e2577ff75e22a5ab37b7
cef54cb70fe5422f7b0afc787a4b5473992c3773f1c23bddb4574795127fdb2a
d16c62d21d407cec3782bf6de5ba189d5bec5f69e494642225d67bc1e0b3f634
fc73d86fc48db49601c8baf56c25eb882988e988cd72a7d03506a5116e5830db

recovery.sweetbloods.org Open in urlscan Pro 51.161.57.15 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

3637 kBTransfer

3710 kBSize

0 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

recovery.sweetbloods.org Open in urlscan Pro
51.161.57.15 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

3637 kB
Transfer

3710 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions