OK, after some further research, I find that none of the 4 IPs listed above in this post are officially registered. However, tracert reveals that 66.250.52.45 is apparently hosted by cogentco.com, 194.237.72.231 is hosted by telia.net and 194.213.194.37 by concert.net. A quick look at my history file shows that opening the bomb redirects you to several sites: adult-erotic-guide.com (64.159.91.200) is apparently hosted by level3.net, jambalala.com by cogentco.com and venusseek.com by level3.net again. Now the bad news. I've noticed two pop-up windows that open after opening the xolox main page: usapromotravel.com and rated-**************s.com. The second one sounded an awful lot like adult-erotic-guide.com in its naming convention. Sure enough, both of these sites are also hosted by level3.net. So now my question is, is someone hijacking Xolox's searches with or without Xolox's active participation? A tracert to www.xolox.nl has confirmed my suspicion as the last hop before getting to xolox.nl (213.133.42.240) is at level3.net. So, I wouldn't expect any resolution to these porn bombs any time soon. I still think Xolox is the best Gnutella client, but I am greatly saddened by this turn of events. I guess I'll just keep adding these sites to my webtrap.