Can you explain this firewall and browser event

Discussion in 'other firewalls' started by act8192, Apr 13, 2011.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    My firewall rules allow Opera out by TCP to 127.0.0.1:44080 which is Antivir's localhost proxy port.
    I have NEVER seen Opera try for any other port, until today.
    When I was looking at a webpage, I got a firewall alert that Opera wants out, by TCP to 127.0.0.1 port 80.
    The site was
    -http://www.leaseguide.com/articles/best-gas-mileage-cars.htm-
    On this webpage were 3 links of which two, Edmunds and Yahoo! Autos, pointed to
    kqzyfj [.] com/click-817987-10364150 (I put dot in brackets)
    When I clicked Edmunds (expecting edmunds.com) my firewall threw a big red blocking alert, and that's when I noticed the bad link in Opera status bar.
    What do you think is going on? Clearly, false URLs.
    But what would make Opera try for local port 80? Immediate infection here by something like clickjacking?
     
    Last edited by a moderator: Apr 14, 2011
  2. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    Are you using a hosts file?
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Brilliant. Yes, I use MVPS hosts file and therein is
    127.0.0.1 www.kqzyfj dot com.

    I'm learning and this one is interesting. So because of the hosts entry, Opera got redirected to local host but port 80. Is port 80 what I should normally expect on such a bad link?

    I know that whatever is in the hosts file, >16k lines, is redirected to local host IP, but I never gave any thought to which port might be involved.
     
  4. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
    Host files don't understand ports, so as far as I'm aware, it will present whichever port was requested when the item was blocked.
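
Added example (not part of the thread or any poster's code): a Python sketch of the behaviour discussed above, where the hosts file supplies only the IP address and the port comes from the URL's scheme or explicit port, so a firewall alert can be checked against the clicked link. The hosts entries are constructed placeholder names, the function names are hypothetical, and it assumes the browser connects directly rather than through a proxy.

```python
from urllib.parse import urlsplit

# Default ports implied by the URL scheme when the link carries no explicit port.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed hosts-file excerpt (placeholder names, not real MVPS entries).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  www.tracker.example.test   # blocked ad redirector
0.0.0.0    ads.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip}. A hosts line is 'ip name [alias...]'; it has no port field."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)   # keep the first mapping seen for a name
    return table

def expected_endpoint(url, hosts):
    """Predict the (ip, port) a firewall would log for a direct connection to url.

    ip is None when the name is not in the hosts file and would be resolved by DNS.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return hosts.get(host), port

def explain_alert(dest_ip, dest_port, clicked_url, hosts):
    """True if an alert for dest_ip:dest_port is accounted for by a hosts entry for clicked_url."""
    return expected_endpoint(clicked_url, hosts) == (dest_ip, dest_port)

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://www.tracker.example.test/click-1",
                "https://www.tracker.example.test/click-1",
                "http://www.tracker.example.test:8080/click-1",
                "http://not-listed.example.test/"):
        print(url, "->", expected_endpoint(url, hosts))
```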
     