home

api.downloadastro.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain api.downloadastro.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August of 2012. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Chicago, Illinois within the United States which resides on the SingleHop, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Illinois, United States (US)

Create date:
Wednesday, August 8, 2012

Expires date:
Sunday, August 8, 2021

Updated date:
Tuesday, May 12, 2015

ASN:
AS32475 SINGLEHOP-INC - SingleHop,US

Root domain:
downloadastro.com

Whois:
2 downloadastro.com records

Scanner detections:
Detections  (94% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.MaxSetup.Z, PUP.SoftInstall.Y, PUP.installCore.Webcelle (M), PUP.installCore.SoftInst (M), PUP.installCore.MaxSetup (M), PUP.installCore (M)
100.00%

F-Prot
W32/InstallCore.R.gen, W32/InstallCore.R4.gen, W32/A-dbe1ec51
21.28%

ESET NOD32
Win32/InstallCore.BL potentially unwanted application, Win32/InstallCore.FD potentially unwanted application, Win32/InstallCore.CH potentially unwanted application
14.89%

Dr.Web
Trojan.MulDrop5.10078, Trojan.Packed.24524
12.77%

VIPRE Antivirus
InstallCore.b, Threat.4150696, Adware.InstallCore
10.64%

Malwarebytes
PUP.Optional.InstallCore, PUP.Optional.InstallCore.A
8.51%

ESET NOD32
Win32/InstallCore.OG (variant), Win32/InstallCore.FD, Win32/InstallCore.CH (variant), Win32/InstallCore.FD potentially unwanted
8.51%

McAfee
Artemis!E5E1C6E19DF4, Artemis!EE88C76A180E, Artemis!E87399F99B98
6.38%

Avira AntiVirus
Adware/InstallCore.OG, APPL/InstallCore.AT.13, PUA/InstallCore.Gen7
6.38%

Sophos
Install Core Click run software
6.38%

Vba32 AntiVirus
Downware.InstallCore
4.26%

SUPERAntiSpyware
PUP.InstallCore/Variant
4.26%

Comodo Security
Application.Win32.InstallCore.KAT
4.26%

avast!
Win32:Adware-gen [Adw]
2.13%

AVG
Generic
2.13%

The domain api.downloadastro.com has been seen to resolve to the following 8 IP addresses.

108.163.213.235
lb1.forsetup.com
June 18, 2015

67.212.189.251
f3.foresetup.com
November 29, 2014

216.104.32.44
lm2200.foresetup.com
November 10, 2014

198.143.161.75
f1.forsetup.com
August 7, 2014

184.154.153.114
downloadastro.com
August 1, 2014

184.154.153.106
serverab.downloadastro.com
May 5, 2014

184.154.190.91
dc-b90c4e43.downloadastro.com
December 13, 2013

184.154.153.118
phx1-sha-redirect-lb.cnet.com
August 7, 2013

File downloads found at URLs served by api.downloadastro.com.

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../en?callback=jsonpCallbackDownload&_=1397428136  (frostwire_en.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../en?callback=jsonpCallbackDownload&_=1372615075  (skype_69522_en.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../el?callback=jsonpCallbackDownload&_=1392712071  (utorrent_el.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1387220110  (microsoft_word_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1388841098  (virtual_dj_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1388841135  (dss_dj_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../ar?callback=jsonpCallbackDownload&_=1398114881  (kingsoft_office_ar.exe)

0 / 68
http://api.downloadastro.com/api/downloader/.../en?callback=jsonpCallbackDownload&_=1377684791  (business_cards_creator_en.exe)

3 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1379330862  (video_download_toolbar_he.exe)

3 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1381866048  (any_video_converter_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1378038441  (microsoft_office_he.exe)

0 / 68
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1386531100  (teamviewer_portable_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1399837985  (microsoft_powerpoint_he.exe)

3 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1374139888  (divx_player_with_divx_codec_for_2k_xp_he.exe)

3 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1385373011  (windows_media_player_he.exe)

24 / 68    (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1385060499  (minecraft_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?chnl=ga&callback=jsonpCallbackDownload&_=1391924662  (skype_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1389109187  (candy_crush_saga_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1389109217  (preflop_odds_memory_trainer_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1392506186  (alarm_clock_he.exe)

3 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1387901767  (microsoft_office_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1395871009  (winiso_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1395509592  (winrar_64_bit_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1399968572  (avast_free_antivirus_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1394264060  (skype_recorder_he.exe)

6 / 68      (PUP)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1381595357  (r4_3ds_emulator_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1389355378  (emule_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../ar?callback=jsonpCallbackDownload&_=1399830306  (microsoft_office_ar.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1396272227  (microsoft_office_he.exe)

1 / 68      (Adware)
http://api.downloadastro.com/api/downloader/.../he?callback=jsonpCallbackDownload&_=1393583059  (hamachi_he.exe)

 
Latest 30 of 380 download URLs

The following 62 files have been seen to comunicate with api.downloadastro.com in live environments.

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 108.163.213.235:80
citrio.exe (Citrio by CatalinaGroup)

TCP » 108.163.213.235:80
UCBrowser.exe (by UCWeb)

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 108.163.213.235:80
browserairexec.exe (BrowserAir by Goobzo)

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 108.163.213.235:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 108.163.213.235:80
Client.exe

TCP » 108.163.213.235:80
036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 108.163.213.235:80
rlvknlg.exe (Relevant-Knowledge by TMRG)

 
Latest 20 of 71 files

URL:
http://api.downloadastro.com/

Web server:
nginx/1.9.12 (PHP/5.5.9-1ubuntu4.14)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.