A few samples and live traffic captures from July 2010 while many stuxnet implants were still operational and calling home. Back then I was watching it as well, and had the chance to order bulk traffic dumps at country level and C2 addresses were already public information. If you have studied old reports, you should know how to decrypt these HTTP requests already.