Astar VPN - Free and fast VPN for everyone

Astar VPN - Free and fast VPN for everyone

ID: jajilbjjinjmgcibalaakngmkilboobh

Supported Languages

🇨🇳Chinese (Simplified)
🇺🇸English

Extension Info & Metadata

Status
Active
Version
1.3.8
Size
5.38 MB
Rating
4.6/5
Reviews
4,700
Users
200,000
Type
Extension
Updated
Jan 25, 2026
Category
Privacy & security
Price
Free
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
No

Publisher Contextual Analysis

Author
https://astarvpn.com/index.htmlView Profile
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
No
Mailbox exists
Yes
Website
Visit
Total Extensions
2
Active
2
Obsolete
0
Listed
2
Unlisted
0
Total Users
200,010
Screenshot 1
Screenshot 2

Astar VPN - Free and fast VPN for everyone

Astar VPN - Free and fast VPN for everyone, encrypt your connection, access our secure proxy servers and unblock websites easily. Astar VPN is a plug-and-play product that can be used immediately after installation. Click the "Connect" button to establish a secure and fast proxy tunnel between you and our VPN server. After the proxy is successfully enabled, the browser's WebRTC function will automatically stop; after the proxy is stopped, the browser's WebRTC function will also start. Global proxy and designated proxy functions. Global proxy: All requests go through the proxy, and support blacklist settings for domain names that do not go through the proxy. Designated proxy: Specify the domain name to go through the proxy. Ad Blocker: Block ads, disable trackers, and prevent your data from being collected.

Item
Type
Severity
Description
proxy
Permission
Critical
This permission allows the extension to control the browser's proxy settings. Rated Critical because it can route all traffic through potentially malicious proxies, enabling man-in-the-middle attacks and traffic monitoring.
webRequest
Permission
Critical
This permission enables the extension to monitor and analyze all web requests made by the browser. Rated Critical because it can observe all network traffic including sensitive data, track browsing behavior, and gather authentication tokens.
webRequestAuthProvider
Permission
Critical
This permission allows the extension to handle authentication requests and modify authentication headers. Rated Critical because it can intercept login credentials, session tokens, and modify authentication flows to compromise accounts.
declarativeNetRequest
Permission
Critical
This permission allows the extension to define rules to block, redirect, or modify network requests. Rated Critical because it can control all network traffic, potentially blocking security updates or redirecting to malicious sites.
declarativeNetRequestWithHostAccess
Permission
Critical
This permission combines network request modification with host permissions. Rated Critical because it can modify requests for specific domains, potentially targeting sensitive websites with precise attack rules.
privacy
Permission
Critical
This permission allows modification of Chrome's privacy settings. Rated Critical because it can disable security features, modify network configurations, and compromise browser security settings.
scripting
Permission
Critical
This permission allows injection and execution of JavaScript on any webpage. Rated Critical because it can modify page content, steal sensitive data, and inject malicious code into any site the extension has access to.
<all_urls>
Host
Critical
Broad host access — the extension can read/modify content on every website.
history
Permission
High
This permission grants access to your complete browsing history. Rated High because it can track all visited websites, reveal sensitive browsing patterns, and expose private information.
Broad Host Permissions
Risk Factor
High
This extension has broad host permissions allowing it to access many or all websites.
Broad Content Script Access
Risk Factor
High
This extension can inject scripts into any website.
declarativeNetRequestFeedback
Permission
Medium
This permission provides network request modification logs. Rated Medium because it can monitor network request changes and debug traffic modifications.
management
Permission
Medium
This permission manages other installed extensions. Rated Medium because it can enable/disable other extensions and modify their settings, with changes being visible to users.
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
unlimitedStorage
Permission
Medium
This permission removes storage quota restrictions. Rated Medium because it can store large amounts of user data without limits, potentially impacting browser performance and storing extensive tracking data.
tabs
Permission
Medium
This permission enables tab management and monitoring. Rated Medium because it can track open tabs, access tab metadata, and monitor user browsing patterns.
alarms
Permission
Low
This permission schedules periodic tasks. Rated Low because it can only trigger events at specified times without access to sensitive data.
notifications
Permission
Low
This permission displays system notifications. Rated Low because it can only show user-visible notifications without accessing system data.

The extension uses an anti-debugging technique: it calls debugger and measures the elapsed time. If the debugger is active, the delay exceeds 100ms, and the extension reloads to avoid analysis. This is a common tactic in malicious code to hinder reverse engineering.

assets/index.ts-92abda20.js (Line 2300)
checkSafe() {  let l = performance.now();  debugger;  performance.now() - l > 100 && chrome.runtime.reload()}

The extension sends personal data (login ID, hashed password, device UUID, OS, browser, etc.) to dynamic remote domains (iosedge.com, cloudpleace.com, allinkstous.com) that are not disclosed in the CWS privacy policy. The listing states 'none declared' for data collection, which is false.

assets/index.ts-92abda20.js (Line 800)
async bgPost(l, a) {  try {    let e = await n.storage.get("chrome_ext_lang");    const t = await n.storage.get("os"),      v = await n.storage.get("browser");    let p = e == "en" ? "en_US" : "zh_CN";    a.lang = p, a.os = t, a.browser = v;    const w = await this.fetchWithRetry(await this.getHttpDomain(l), {      method: "POST",      headers: {        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"      },      body: this.toParams(a),      timeout: 1e4,      retries: 1    });    return w.status !== 200 ? {      nCode: -99    } : await w.json()  } catch (e) {    ...  }}async getHttpDomain(l) {  const a = {    one: "iosedge.com/astarnew",    two: "cloudpleace.com/astarnew",    three: "allinkstous.com/astarnew"  };  let e = "",    t = await n.storage.get("serverLine"),    v = a[t];  if (v) v.indexOf("ip") == 0 ? e = v : e = "." + v;  else {    let B = await n.storage.get("xLine");    B ? e = B.split(",")[Number(t)] + "/astarnew" : e = "." + a.one  }  let p = "",    w = new Date,    g = "b" + w.getFullYear() + (w.getMonth() + 1) + w.getDate() + w.getHours() + "re";  return e.indexOf("ip") == 0 ? e.indexOf("ips") == 0 ? p = "https://" + e.substring(3) : p = "http://" + e.substring(2) : p = "https://" + g + e, p + l}

Removes X-Frame-Options and Frame-Options headers for connect.freevpnplanet.com, a domain not listed in the publisher's privacy policy. This could enable clickjacking attacks on that domain.

data/responseHeaders.json (Line 1)
[  {    "id": 1,    "priority": 1,    "action": {      "type": "modifyHeaders",      "responseHeaders": [        {          "header": "X-Frame-Options",          "operation": "remove"        },        {          "header": "Frame-Options",          "operation": "remove"        }      ]    },    "condition": {      "urlFilter": "*://connect.freevpnplanet.com/*",      "resourceTypes": [        "sub_frame"      ]    }  }]

By severity

Critical1
High1
Medium0
Low1

Versions scanned

Showing 1 of 30 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
1.3.83

Files with findings

2 distinct paths — top paths by unique finding count:

  • assets/index.ts-92abda20.js2
  • data/responseHeaders.json1
S.No.
Category
Severity
File
Summary
Found in Version
1Obfuscation
critical
assets/index.ts-92abda20.js (line 2300)The extension uses an anti-debugging technique: it calls debugger and measures the elapsed time. If the debugger is active, the delay exceeds 100ms, and the extension reloads to avoid analysis. This is a common tactic…
2Unauthorized Data Collection
high
assets/index.ts-92abda20.js (line 800)The extension sends personal data (login ID, hashed password, device UUID, OS, browser, etc.) to dynamic remote domains (iosedge.com, cloudpleace.com, allinkstous.com) that are not disclosed in the CWS privacy policy.…
3Network Interception
low
data/responseHeaders.json (line 1)Removes X-Frame-Options and Frame-Options headers for connect.freevpnplanet.com, a domain not listed in the publisher's privacy policy. This could enable clickjacking attacks on that domain.
URLs
951
IPv4
56
IPv6
1

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

advertisesimple.info//http://advertisesimple.info/\
clicks.totemcash.com//http://clicks.totemcash.com/\
globsads.com//http://globsads.com/\
go.cm-trk2.com//http://go.cm-trk2.com/\
homemoviestube.com//http://homemoviestube.com/\
join.hardcoreshemalevideo.com//http://join.hardcoreshemalevideo.com/\
join.michelle-austin.com//http://join.michelle-austin.com/\
join.rodneymoore.com//http://join.rodneymoore.com/\
join.shemale.xxx//http://join.shemale.xxx/\
join.shemalepornstar.com//http://join.shemalepornstar.com/\
Showing 1 to 10 of 960 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

78.142.19.8
IPv4
-
37.1.203.156
IPv4
-
37.1.204.76
IPv4
-
37.1.205.47
IPv4
-
37.1.206.121
IPv4
-
37.1.206.95
IPv4
-
37.1.207.130
IPv4
-
37.1.207.65
IPv4
-
37.1.217.105
IPv4
-
5.45.65.153
IPv4
-
5.45.70.162
IPv4
-
5.45.86.39
IPv4
-
23.109.87.42
IPv4
-
162.252.214.4
IPv4
-
167.99.31.227
IPv4
-
23.109.87.101
IPv4
-
35.232.188.118
IPv4
-
37.1.209.213
IPv4
-
51.77.227.100
IPv4
-
51.77.227.101
IPv4
-
51.77.227.102
IPv4
-
51.77.227.103
IPv4
-
51.77.227.96
IPv4
-
51.77.227.97
IPv4
-
51.77.227.98
IPv4
-
51.77.227.99
IPv4
-
51.89.187.136
IPv4
-
51.89.187.137
IPv4
-
51.89.187.138
IPv4
-
51.89.187.139
IPv4
-
51.89.187.140
IPv4
-
51.89.187.141
IPv4
-
51.89.187.142
IPv4
-
51.89.187.143
IPv4
-
167.206.10.148
IPv4
-
35.178.185.67
IPv4
-
185.180.196.178
IPv4
-
5.101.115.170
IPv4
-
5.101.117.198
IPv4
-
62.109.18.206
IPv4
-
62.210.94.26
IPv4
-
88.85.75.147
IPv4
-
95.213.229.88
IPv4
-
95.213.231.34
IPv4
-
188.93.22.165
IPv4
-
50.7.134.117
IPv4
-
82.196.1.83
IPv4
-
0.0.0.1
IPv4
-
185.165.169.108
IPv4
-
185.193.38.148
IPv4
-
35.194.26.233
IPv4
-
35.239.57.233
IPv4
-
45.32.105.134
IPv4
-
77.162.125.199
IPv4
-
1.2.3.4
IPv4
-
192.168.1.1
IPv4
-
1:2:3:4:5:6:7:8
IPv6
-
Showing 1 to 57 of 60 rows
Rows per page:
Showing 1 to 10 of 30 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.