Strange address blocked by Nod AV

A couple of times the past few days while I have had my browser (FF) open but not surfing, Nod popped up saying an address had been blocked. It just did it again as I am writing this message.

It says: Address has been blocked
www(dot)google(dot)com/url?sa=Tsource=webct=rescd...
208.69.36.230:80

Does anyone have any idea what this is?

I have a router and was using OpenDNS but turned OpenDNS off yesterday thinking it may have had something to do with it, but Nod just blocked it again a couple of minutes ago.

 

It sounds like a fake DNS record. Google has IP addresses 74.125.77.xxx. I'd suggest creating a log from SysInspector and checking it for suspicious files. You can also contact customer care and provide them the log for perusal (by default, it's attached to a support request when filling in the built-in support query form).

 

Well, maybe it's normal behavior, I just made it to http://www.neowin.net/forum/lofiversion/index.php/t765624.html

 

Ok thanks Marcos. I'll check out the log. Like you said it may be normal behavior.

 

google.com resolves to a different IP address also here when I change the DNS server to that provided by the OpenDNS service. Unfortunately, I'm not familiar with OpenDNS enough to answer why it is happening and why not when resolving other addresses.

 

I guess I am not familiar enough with it either. I am going to quit OpenDNS service for the time being till I find out what is going on.

I just realized that I had it turned off in the router but not on my pc network internet protocol properties, so that is probably why Nod blocked it again a few minutes ago.

 

Never had troubles with OpenDNS and NOD32 here. My google.com resolves to: 74.125.127.100 and google.nl to: 216.239.59.104

I don't have troubles connecting to 208.69.36.230 either with NOD32.

 

Hi All,

FWIW I had the same kind of thing happen to me the other day on an Amazon page. I tried loading the page in both FF and IE and kept getting a pop up, (sorry I don't have the exact wording), from Nod32 4.0.437 that a web address had been blocked. I finally figured out that it was a small ad on the bottom left of the page that was being blocked.

Larry

 

I didn't realize that Nod blocked ads.

 

Hi JohnnyDollar,

Neither did I, but this particular ad appeared to contain a link/url that Nod did not like! If I can find that particular page again I'll get a screen shot etc and post it here.

Also, the Amazon page itself was fully functional. Only the small ad contained a note "Blocked by Nod32".

Larry

 

Oh ok I see what you mean. I figured out that while using OpenDNS that the url with the IP address that Nod was telling me it was blocking was google. http://208.69.36.230/
I tried to get some answers at the OpenDNS forum, but didn't get a whole lot. One member told me it was google invading our privacy http://forums.opendns.com/comments.php?DiscussionID=4579&page=1#Item_6

So through the process of trying to figure it out I quit using OpenDNS, and will probably keep it that way. Nothing against them, but I did fine before I used them and I am doing fine now. I am a FF user. I don't know, I use better privacy and track me not to try to keep google off track. No script is good but was too much for my taste.