GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: www.google.com
Connection: Close
                        

                            HTTP/1.1 302 Found
Location: http://www.google.cz/?gws_rd=cr&ei=7lrvUoy8EIbHswbkoYC4BA
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=10398eebe8a65aa6:FF=0:TM=1391418094:LM=1391418094:S=B_6JXGTd01JdWupq; expires=Wed, 03-Feb-2016 09:01:34 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=bwFZNJqF1K_MZ25uaf5N-jBzHhlczyF8ciGkEaQOUc5peNW3y4aqsiDU2GmZaDc8rCohwZo57Xcmf_nOHIOqiW3SmA2gNElWhu1gMXa-6DviX4RwRzNELBC9ZHy2m054; expires=Tue, 05-Aug-2014 09:01:34 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 03 Feb 2014 09:01:34 GMT
Server: gws
Content-Length: 258
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Connection: close
                        

							<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Mov...
						

                            GET /?gws_rd=cr&ei=7lrvUoy8EIbHswbkoYC4BA HTTP/1.1
Accept: */*
Host: www.google.cz
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Close
                        

                            HTTP/1.1 302 Found
Location: https://www.google.cz/?gws_rd=cr&ei=7lrvUoy8EIbHswbkoYC4BA
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=bb095e05822cff56:FF=0:TM=1391418094:LM=1391418094:S=6Cu8cKd17CAq9X1_; expires=Wed, 03-Feb-2016 09:01:34 GMT; path=/; domain=.google.cz
Set-Cookie: NID=67=D9owfdZyORxowtCX6_7cnbFvnUKvqe84Ankn5OGQcCFAcD1Io3jIj7vKRlduHLdK6hxUgXND78LZf1iJAAae3h92cny6YlMrYLF9MDuKajbwVF3pKcOR7D_fdxv8ygmX; expires=Tue, 05-Aug-2014 09:01:34 GMT; path=/; domain=.google.cz; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 03 Feb 2014 09:01:34 GMT
Server: gws
Content-Length: 259
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Connection: close
                        

							<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Mov...
						

                            GET /?gws_rd=cr&ei=g2zvUvudGoKFtAbiqIGYBg HTTP/1.1
Accept: */*
Host: www.google.cz
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Close
                        

                            HTTP/1.1 302 Found
Location: https://www.google.cz/?gws_rd=cr&ei=g2zvUvudGoKFtAbiqIGYBg
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=e6d371022888a4f2:FF=0:TM=1391422595:LM=1391422595:S=n6IHm9MaDG6d5bi1; expires=Wed, 03-Feb-2016 10:16:35 GMT; path=/; domain=.google.cz
Set-Cookie: NID=67=WozKlgDwpWXHv3UXXvMhkXSU9Krf8vsgqdfRcGG9BP085oHYt_0vrtNAPdDvGfaWSob6eBGsrtjAKc2kh8Oy1meN4r2nb3ig0wkvcCKZTAJzF7LKcTcRb4tFxipdUww2; expires=Tue, 05-Aug-2014 10:16:35 GMT; path=/; domain=.google.cz; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 03 Feb 2014 10:16:35 GMT
Server: gws
Content-Length: 259
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Connection: close
                        

							<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Mov...
						

                            GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pcqampjtctmbtobzleivojvzr.info
Connection: Close
                        

                            HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 03 Feb 2014 09:14:04 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: close
                        

                            GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: pcqampjtctmbtobzleivojvzr.info
Connection: Close
                        

                            HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 03 Feb 2014 09:51:07 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: close
                        

                            GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: bexhlzkjobugdeukxpknztytl.info
Connection: Close
                        

                            HTTP/1.1 200 OK
Date: Mon, 03 Feb 2014 09:19:49 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Sinkhole: malware-sinkhole
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html
                        

                            GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: bexhlzkjobugdeukxpknztytl.info
Connection: Close
                        

                            HTTP/1.1 200 OK
Date: Mon, 03 Feb 2014 09:56:53 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Sinkhole: malware-sinkhole
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html
                        

                            GET /?gws_rd=cr&ei=uGPvUvDqCMnTtAbT-YFg HTTP/1.1
Accept: */*
Host: www.google.cz
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Connection: Close
                        

                            HTTP/1.1 302 Found
Location: https://www.google.cz/?gws_rd=cr&ei=uGPvUvDqCMnTtAbT-YFg
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=26bd0b907529c448:FF=0:TM=1391420344:LM=1391420344:S=2nGJS5RQtEr54dXg; expires=Wed, 03-Feb-2016 09:39:04 GMT; path=/; domain=.google.cz
Set-Cookie: NID=67=EurnkXTYJvj9lBdE4oeuHObSVqGp1ASEr9KnoIYhn7MzHHZeXtVu5taRK6SKDVEP49-odkLVKcK51Ffu-3CjupgG2_t3hPrjLb3XAWL2ICHxTF3e9wwJvVUXsJjNY6sn; expires=Tue, 05-Aug-2014 09:39:04 GMT; path=/; domain=.google.cz; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Mon, 03 Feb 2014 09:39:04 GMT
Server: gws
Content-Length: 257
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Connection: close
                        

							<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Mov...