See:
http://productforums.google.com/forum/#!topic/webmasters/BvCXvGdFJ00I checked on this request: $xml = given there:
Firekeeper extension alerts for === Triggered rule ===
alert(url_content:"%3C"; url_content:"%22"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %22. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
=== Request URL ===
http://www.google.com/search?client=flock&channel={flock:context}&q=%27IaNx75.~%25X%60JlFqp{Z%3DD[84mL^y*6Q!nk%22s(2i0%3F%2Cvg%2B%23b%26ARVSfeM%3E|%3A-HEO1U}zPr%409o3wBGcC_t)]Kujd%3BYTW%3C%24%2Fh%27%3B&ie=utf-8&oe=utf-8&aq=t
Checking the write-up here: wXw.vbseo.com/f255/url123-redirect-tried-everything-i-am-wits-end-54125/index8.html
avast! Web Shield blocks access to |{gzip} on this URI as infested with HTML-RedirDL-inf[Trj]
And again the avast! Web Shield has provided us with protection against this redirection because of a plug-in malcoded injection...
polonus
