How to remove notifications (ads) delivered by "defender" website

What are the "Defender" websites?

The "Defender" websites refer to a rogue site group that have the word "defender" in their second-level domain. Examples of pages in this family include wsdefender[.]xyz, modefender[.]xyz, sldefender[.]pro, and countless others.

These rogue webpages can endorse deceptive content and browser notification spam. Additionally, "Defender" pages can redirect users to other (likely dubious/malicious) websites. Most visitors access these types of webpages via redirects caused by sites utilizing rogue advertising networks.

"Defender" website group overview

"Defender" family websites have this word (amongst other words or characters) in their second-level domain, yet may have different subdomains and even top-level domains (e.g., ".pro", ".xyz", ".top", ".info", etc.).

The behavior of rogue pages (i.e., what they host/endorse) might differ depending on the visitor's IP address/ geolocation. The purpose of these webpages is to trick visitors into allowing the browser notification delivery. Many rogue sites use lures to achieve this goal, such as fake CAPTCHA verification tests, explicit adult-oriented content, and other types of clickbait.

These pages may even run various scams (e.g., "Congratulations! You Have Been Chosen!", "TotalAV - You Recently Visited Compromised Websites", "McAfee - Computer Infected With Potentially Critical Viruses", "Norton Subscription Payment Has Failed", "Coca Cola Survey", etc.).

Rogue websites use their browser notifications to run intrusive advert campaigns. The delivered ads can promote online scams (e.g., phishing, technical support, etc.), untrustworthy/harmful software (e.g., PUAs, adware, browser hijackers, etc.), and malware (e.g., trojans, ransomware, cryptominers, etc.).

In summary, via webpages like "Defender" – users can experience system infections, severe privacy issues, financial losses, and even identity theft.

Threat Summary:

Name	Ads by Defender
Threat Type	Push notifications ads, Unwanted ads, Pop-up ads
Observed Domains	wsdefender[.]xyz; modefender[.]xyz; sldefender[.]pro; xdefender[.]site; safetydefender[.]top; googledefender[.]info; bitdefender[.]top; ovdefender[.]pro; wrsdefender[.]pro; rdefender[.]online; etc.
Detection Names (wrsdefender[.]pro)	Seclookup (Malicious), Fortinet (Spam), Sophos (Spam), Full List Of Detections (VirusTotal)
Serving IP Address (wrsdefender[.]pro)	104.21.62.154
Symptoms	Seeing advertisements not originating from the sites you are browsing. Intrusive pop-up ads. Decreased Internet browsing speed.
Distribution Methods	Deceptive pop-up ads, false claims within visited websites, potentially unwanted applications (adware)
Damage	Decreased computer performance, browser tracking - privacy issues, possible additional malware infections.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Browser notification spam in general

Check-tl-ver, dm*.biz, and checkup are merely a few of our articles on rogue webpage groups. Sites of this kind display browser notifications promoting deceptive and malicious material. Remember that any genuine content encountered via these adverts is most likely endorsed by scammers who abuse its affiliate programs to acquire illegitimate commissions.

How did a "Defender" family website gain permission to deliver spam notifications?

Websites need user consent to deliver browser notifications. Hence, if you are receiving these advertisements from a "Defender" group website – it is evident that when the page was accessed, permission for their delivery was granted by clicking "Allow", "Allow Notifications", or a similar option.

How to prevent deceptive sites from delivering spam notifications?

It is important to be selective when enabling websites to deliver browser notifications. Suspicious pages must not be permitted to display these ads; instead, their requests have to be ignored or denied (i.e., by clicking "Block", "Block Notifications", etc.).

In case of continuous unprompted redirects to dubious sites, inspect the browser or system for installed adware. If your computer is already infected with rogue applications, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.

Screenshots of notifications (ads) displayed by Defender group websites:

Appearance of a Defender group website – wrsdefender[.]pro (GIF):

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is Ads by Defender?
• STEP 1. Remove spam notifications from Google Chrome
• STEP 2. Remove spam notifications from Google Chrome (Android)
• STEP 3. Remove spam notifications from Mozilla Firefox
• STEP 4. Remove spam notifications from Microsoft Edge
• STEP 5. Remove spam notifications from Safari (macOS)

Disable unwanted browser notifications:

Video showing how to disable web browser notifications:

Remove spam notifications from Google Chrome:

Click the Menu button (three dots) on the right upper corner of the screen and select "Settings". In the opened window select "Privacy and security", then click on "Site Settings" and choose "Notifications".

In the "Allowed to send notifications" list search for websites that you want to stop receiving notifications from. Click on the three dots icon near the website URL and click "Block" or "Remove" (if you click "Remove" and visit the malicious site once more, it will ask to enable notifications again).

Remove spam notifications from Google Chrome (Android):

Tap the Menu button (three dots) on the right upper corner of the screen and select "Settings". Scroll down, tap on "Site settings" and then "Notifications".

In the opened window, locate all suspicious URLs and tap on them one-by-one. Once the pop-up shows up, select either "Block" or "Remove" (if you tap "Remove" and visit the malicious site once more, it will ask to enable notifications again).

Remove spam notifications from Mozilla Firefox:

Click the Menu button (three bars) on the right upper corner of the screen. Select "Settings" and click on "Privacy & Security" in the toolbar on the left hand side of the screen. Scroll down to the "Permissions" section and click the "Settings" button next to "Notifications".

In the opened window, locate all suspicious URLs and block them using the drop-down menu or either remove them by clicking "Remove Website" at the bottom of the window (if you click "Remove Website" and visit the malicious site once more, it will ask to enable notifications again).

Remove spam notifications from Microsoft Edge:

Click the menu button (three dots) on the right upper corner of the Edge window and select "Settings". Click on "Cookies and site permissions" in the toolbar on the left hand side of the screen and select "Notifications".

Click three dots on the right hand side of each suspicious URL under "Allow" section and click "Block" or "Remove" (if you click "Remove" and visit the malicious site once more, it will ask to enable notifications again).

Remove spam notifications from Safari (macOS):

Click "Safari" button on the left upper corner of the screen and select "Preferences...". Select the "Websites" tab and then select "Notifications" section on the left pane.

Check for suspicious URLs and apply the "Deny" option using the drop-down menu or either remove them by clicking "Remove" at the bottom of the window (if you click "Remove" and visit the malicious site once more, it will ask to enable notifications again)

How to avoid browser notification spam?

Internet users should be very skeptical when being asked to allow notifications. While this is a useful feature that allows you to receive timely news from websites you like, deceptive marketers frequently abuse it.

Only allow notifications from websites that you fully trust. For added security - use an anti-malware application with a real-time web browsing monitor to block shady websites that tries to trick you into allowing spam notifications. We recommend using Combo Cleaner Antivirus for Windows.

Frequently Asked Questions (FAQ)

Why am I seeing ads (browser notifications) delivered by a "Defender" website in the right lower corner of my desktop?

You have likely visited a "Defender" group page and clicked "Allow", "Allow Notifications", or an analogous option on it. Keep in mind that no website can deliver browser notifications (adverts) without user consent.

I have clicked on notification ads, is my computer infected?

No, clicking on a browser notification is harmless. However, these advertisements can endorse content that is capable of causing severe issues (including malware infections).

Are "Defender" group websites considered viruses?

No, "Defender" websites are not classed as viruses, although they can endorse virulent content. Rogue webpages can promote online scams, unreliable/hazardous software, and even malware.

Will Combo Cleaner remove "Defender" group website ads automatically or manual steps are still required?

Yes, Combo Cleaner will scan your device and revoke the permissions granted to a rogue webpage. It will also deny further access to rogue, deceptive/scam, and malicious sites. Therefore, no additional steps will be necessary.

▼ Show Discussion