diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
index 677181a..a096bb5 100644
--- a/security/address-bar-spoofing/spoof-js-download-url.html
+++ b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -11,7 +11,7 @@
       const w = open()
       w.opener = null
       w.document.write('<h1>Not DDG.</h1>')
-      w.location = 'https://tyny.to/s509a8'
+      w.location = '/security/address-bar-spoofing/download-redirect'
     }
   </script>
 </head>
diff --git a/server.js b/server.js
index b081daa..7ba834e 100644
--- a/server.js
+++ b/server.js
@@ -255,6 +255,12 @@ app.get('/redirect', (req, res) => {
     res.end();
 });
 
+// Returns a 301 redirect to a download link of our browser
+// for use in the address bar spoofing test
+app.get('/security/address-bar-spoofing/download-redirect', (req, res) => {
+    res.redirect(301, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg');
+});
+
 app.use('/content-scope-scripts/', express.static('node_modules/@duckduckgo/content-scope-scripts/integration-test/test-pages/'));
 
 const blockingRoutes = require('./privacy-protections/request-blocking/server/routes');