Phishtank

1st Official Post

    I'm just wondering, when I test browser extensions on Phishtank at time in the past with F-Secure, and even now with Avast using Brave, there will be a slight flash of the red Brave/Chromium's warning page quickly overlaid with the Avast warning. At those times, are the AV browser extensions getting the phishing, webpage "information" from the browsers, Chromium's protection and then display their notice?

    In the past with F-Secure I think I've tried to disable the browsers protection to see if the AV extension would catch the page without the flash of the red screen being overlaid with F-Secure's warning, but it would still at those times load first (Brave's warning). With McAfee, that doesn't happen, it just shows its own warning (maybe quickly enough?).

    In going side by side on two different notebooks for about 35 minutes last night on Phishtank, one notebook with Avast, the other with McAfee, what at times one would miss, the other would pick up on. They were pretty much even in what they blocked. The advantage with McAfee it just displays the webpage warning, whereas Avast at times has the pop up along with the webpage warning which can at times get lost "behind" the webpage.

    Edited once, last by JonnyQuest (October 22, 2025 at 2:32 PM).

  • Go to Best Answer
    • Official Post
    Quote from JonnyQuest

    I'm just wondering, when I test browser extensions on Phishtank at time in the past with F-Secure, and even now with Avast using Brave, there will be a slight flash of the red Brave/Chromium's warning page quickly overlaid with the Avast warning. At those times, are the AV browser extensions getting the phishing, webpage "information" from the browsers, Chromium's protection and then display their notice?

    In the past with F-Secure I think I've tried to disable the browsers protection to see if the AV extension would catch the page without the flash of the red screen being overlaid with F-Secure's warning, but it would still at those times load first (Brave's warning). With McAfee, that doesn't happen, it just shows its own warning (maybe quickly enough?).

    In going side by side on two different notebooks for about 35 minutes last night on Phishtank, one notebook with Avast, the other with McAfee, what at times one would miss, the other would pick up on. They were pretty much even in what they blocked. The advantage with McAfee it just displays the webpage warning, whereas Avast at times has the pop up along with the webpage warning which can at times get lost "behind" the webpage.

    Basically i never use Phishtank. My wife doesnt allow me to use her laptop for testing too ^^

    • Best Answer
    • Official Post

    Usually to achieve these warnings and blocks, extensions and AV software add hooks to the browser and potentially, to the pages code.


    It takes a lot of know-how as to where exactly the hooks (be it in a page or in the browser memory) are best to be injected, to avoid this condition where the browser and the extension are “racing” who will block the page first.


    I’ve also noticed that McAfee works before the native browser features can block the page.

    This is similar to the file scanning as well, where the minifilter has to be injected at several different places (different altitudes) to ensure files are blocked before the user can open them.

  • Negan October 22, 2025 at 2:54 PM

    Selected a post as the best answer.

    Trident I have noticed that McAfee has a hard time with some pages. I've mentioned this before, but it cannot open dnsleaktest.com, even when disabling the real time protection in Total Protection settings (no ability to disable Web Protection alone).

    And to get onto my router page to confirm my TP-Link/Archer firmware is up to date, I had to disable the AV protection to get the page to load. I was getting a non-https page can't be opened message. I've always had to disable any VPNs I was using to get to the login page, but is there any option so I don't have to disable a key protection in McAfee to access that webpage?

    TIA :)

    Edited once, last by JonnyQuest (October 22, 2025 at 4:54 PM).

  • JonnyQuest October 22, 2025 at 4:12 PM

    Selected a post as the best answer.
    • Official Post
    Quote from JonnyQuest

    Trident I have noticed that McAfee has a hard time with some pages. I've mentioned this before, but it cannot open dnsleaktest.com, even when disabling the real time protection in Total Protection settings (no ability to disable Web Protection alone).

    And to get onto my router page to confirm my TP-Link/Archer firmware is up to date, I had to disable the AV protection the get the page to load. I was getting a non-https page can't be opened message. I've always had to disable any VPNs I was using to get to the login page, but is there any option so I don't have to disable a key protection in McAfee to access that webpage?

    Just test with Eset, i can open dnsleaktest.com, must be the extension or the program ? Trident

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login