Can you explain this firewall and browser event

My firewall rules allow Opera out by TCP to 127.0.0.1:44080 which is Antivir's localhost proxy port.
I have NEVER seen Opera try for any other port, until today.
When I was looking at a webpage, I got a firewall alert that Opera wants out, by TCP to 127.0.0.1 port 80.
The site was
-http://www.leaseguide.com/articles/best-gas-mileage-cars.htm-
On this webpage were 3 links of which two, Edmunds and Yahoo! Autos, pointed to
kqzyfj [.] com/click-817987-10364150 (I put dot in brackets)
When I clicked Edmunds (expecting edmunds.com) my firewall threw a big red blocking alert, and that's when I noticed the bad link in Opera status bar.
What do you think is going on? Clearly, false URLs.
But what would make Opera try for local port 80? Immediate infection here by something like clickjacking?

 

Are you using a hosts file?

 

Brilliant. Yes, I use MVPS hosts file and therein is
127.0.0.1 www.kqzyfj dot com.

I'm learning and this one is interesting. So because of the hosts entry, opera got redirected to local host but port 80. Is port 80 what I should normally expect on such a bad link?

I know that whatever is in the hosts file, >16k lines, is redirected to local host IP, but I never gave any thought to which port might be involved.

 

Host files don't understand ports, so as far as I'm aware, it will present whichever port was requested when the item was blocked.