[swaggyBoatswain]

Something I don't understand though is when I do a google search, google sometimes sponsors these phony sites.

One time I downloaded the wrong google chrome which was ironic because I was on google searching it.

Other examples that come to mind with different sites are popcorn.sh vs popcorn-time.to. There not the same repository.

Normally I just do a sanity check by checking the domain URL and checking if it has authority.

If its on sourceforge... I just assume its malware or has bundled PUPware on it, run it through antivirus and SHA/MD5 checks.

Ninite.com is pretty convenient I hope they don't get comprimised one of these days and get sold to a shady vendor