I was doing some research on Firefox's extension, due to mere interest, and I found this old thread https://www.wilderssecurity.com/showthread.php?&t=249429 The link provided there to BetterPrivacy is -http://netticat.ath.cx/extensions.html When entering that website, I'm redirect to -http://nc.ddns.us/extensions.html?rdr=EwJCf_C%5D%2BIpRn2T%21xUi. This URL automatically tried to download a file called login.flash. If I enter -http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm then I'm redirected to -http://nc.ddns.us/BetterPrivacy/info.bypassflashblock info.bypassflashblock is actually a file that the URL tried to download to my system as well. I'm blocking Flash... so... maybe it detects it's blocked and this is related to it? I wonder what's its purpose. All I can see is some encrypted data in URLVoid URL dump page. Due to restrictions in place none of the files were downloaded to my system. Has anyone witnessed this behavior before? I don't see any mentions to any kind of test there, which is my doubt.