Let me add some notes to this: 1. Placing microsoft.com in the so-called 'trusted zone', will render the site contents of e-gold.com in the 'trusted zone' 2. Opera fails, Mozilla functions 3. While it may appear to be related to the html form, the same can be achieved with a normal href or normal submit type html form: <a href="http://www.malware.com%2F redir=www.e-gold.com">test</a> 4. %2F may not be an actual requirement as that might only be site specific 5. So far no other server or domain other than e-gold on IIS 4 found [at least from here] <a href="http://www.microsoft.com%2F redir=www.e- gold.com">test</a> -- http://www.malware.com
