What's up with a website - Need internet expert

This thread can be used for any website problem.

The one at the moment is the Modal Electronics Website.

Need the help of someone who understands the internet well. Perhaps you work with it for your job.

I ran a website check from NordVPN and it says it’s clean:

I am having no problem accessing their website directly, but other people are having various issues. It definitely goes to a bogus place when the address is found with a Google or Bing search.

Check out the three posts here (and ignore the fourth poster):

The website works just fine. For a second it was blocked by uBlock Origin under the badware risk list; I assume someone managed to alter their DNS config and redirect to something spammy, but it seems to be fixed.
The website is registered with a Chinese domain registrar, so it could be that the registrar servers were altered and were restored once discovered.

4 Likes

Those sites can very occasionally note something off but aren’t authoritative about a site being “clean”.

We can guess at the culprit here but it’s hard to build the model retroactively when it’s no longer presenting, without more forensic evidence and it seems to have been cleaned up from the hiccup.

One thing you can do if this is an issue would be to try whatever the most reliable public DNS server would be in your area over your ISP’s. I’ve been meh on Google as a company lately but they offer their own, I think Cloudflare also offers their DNS resolving etc.

yep yep, could be DNS spoofing - Wikipedia

1 Like

Not true.

I just generated this with Google :

DON’T CLICK ANYTHING HERE !

REMOVED

I will take this down in a few hours as I consider it potentially hazardous, unless a moderator does it first.

1 Like

Well, you didn’t provide any such link for us to know, just a screenshot of a URL.

So, what were you searching for in Google that got you there?

If people are to trace what’s going on, we need somewhat more details to build whatever model.

I checked this from the link on E’nauts and it failed once and worked once.

Google or Bing – Modal Electronics – and click on the sponsored link.

You’re providing a cached link, stored by Google. If whatever DNS source it is using was poisoned, it will continue pointing from Google to the malicious site.

Yes but malicious ads are a constant problem, it’s not necessarily posted by Modal themselves.

If you’re only seeing this via a “sponsored link” and not directly you’ve got a completely different vector that may have been exploited. Just because the link suggests Modal doesn’t necessarily mean that the encoded metadata will be sending you there…

It’s also possible that there is/was a malicious URL that was added covertly to their site, but if this is coming from an ad campaign I wouldn’t be surprised if there was a redirect set up in the process to present you with one URL string but send you to a completely different site. One of these days I really ought to set up a campaign for my own understanding of the process.

Anyway, narrowing down the scope of the problem helps nudge towards what is more or less likely to be the case.

https://wheregoes.com/trace/20245556778/

Error: The response filesize was too big to check for JS and meta-refresh redirects. We are assuming we have arrived at the final destination. We do recommend reducing your HTML DOM size.

Interesting, the URL submitted to the adwords campaign may have been structured in a way that short-circuits some simpler analysis and would allow one URL to be visible but preserve a local redirect that takes you to the completely different site.

Still the possibility that their site hosting or some forums software had also been hacked, but I don’t really have the time to poke around there and the level of energy and possible result to come from combination of site hack and adwords campaign, just seems a lot of coordination even if a semi-automated process for both.

Decoding ved parameter just gives
{
  "type": "22"
}

sqi parameter - site quality index? I don’t have a ton of info on how to decode usg.

I imagine there may be a malicious redirect (javascript or otherwise) encoded in usg and pushed to you when you click.

Malicious ad buys can encode simple scripting in a way that Google is often but certainly not always smart enough to recognize and while the modal URL is valid, and DNS intact, the entirely different URL and whatever minimal script to point you there are hidden, encoded in Google’s arcane parameters until they are served to your browser.

1 Like
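
As an added example (not part of any post in this thread): a sketch of the check discussed above, walking a recorded click-through chain via HTTP redirects, meta-refresh and simple JavaScript redirects, then comparing the landing site with the URL the ad displayed. All hosts and responses are constructed `.example` data, and the "last two labels" site comparison is a simplifying assumption.

```python
import re
from urllib.parse import urljoin, urlsplit

META = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\'][^"\']*url=([^"\'>\s]+)', re.I)
JS = re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def site(url):
    """Naive registrable domain: last two host labels (assumption: no public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def next_hop(url, resp):
    """Return (mechanism, absolute_target) for one recorded response, or None if it is final."""
    loc = resp.get("location")
    if 300 <= resp["status"] < 400 and loc:
        return "http-%d" % resp["status"], urljoin(url, loc)
    body = resp.get("body", "")
    for name, rx in (("meta-refresh", META), ("javascript", JS)):
        m = rx.search(body)
        if m:
            return name, urljoin(url, m.group(1))
    return None

def trace(responses, start, shown_url, max_hops=10):
    """Walk recorded responses; report each hop and whether the landing site differs from the shown one."""
    hops, url, seen = [], start, set()
    while url in responses and url not in seen and len(hops) < max_hops:
        seen.add(url)  # guard against redirect loops
        step = next_hop(url, responses[url])
        if step is None:
            break
        hops.append(step)
        url = step[1]
    return {"hops": hops, "final": url, "mismatch": site(url) != site(shown_url)}

# Constructed capture: what the ad displays versus what each hop actually returned.
SHOWN = "https://www.modal-synth.example/"
CAPTURE = {
    "https://adclick.example/aclk?id=1": {"status": 302, "location": "https://tracker.example/r?c=9"},
    "https://tracker.example/r?c=9": {"status": 200, "body": '<meta http-equiv="refresh" content="0; url=/go">'},
    "https://tracker.example/go": {"status": 200, "body": '<script>window.location.href = "https://landing-page.example/offer";</script>'},
    "https://landing-page.example/offer": {"status": 200, "body": "<html>final</html>"},
}

if __name__ == "__main__":
    result = trace(CAPTURE, "https://adclick.example/aclk?id=1", SHOWN)
    for mechanism, target in result["hops"]:
        print(mechanism, "->", target)
    print("landing differs from displayed URL:", result["mismatch"])
```

A tracer that only follows HTTP `Location` headers would stop at the second hop here, which is the kind of gap the wheregoes error above describes when it cannot inspect the body.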

Someone found the same issue with their site-

Separately https://isc.sans.edu/diary/How+Malware+Campaigns+Employ+Google+Redirects+and+Analytics/19843/

Ok, this maps enough to your question that I’m going to quit looking in further and get some real work done :smiley:

1 Like

This was real work too. Send me the bill. :lollipop:

Thank you thermionic !

It still fails from Google for me, but as I’ve already concluded it’s not directly a problem with Modal’s web-site. I am no longer going to post on this.

I originally heard of this problem from an article in Synthanatomy.

1 Like