Very Strange Requests In My IIS Logs - Possible Hacker



Hopefully this is an appropriate forum for this question. I am noticing some
very strange activity on my web site over the last 3 or 4 days. My site is
using IIS running on Windows Server 2003 and I am using .Net Framework 3.5
with SQL Server 2005 on backend. I cannot tell if what I’m seeing is hacker
activity or some robot scanning my site or both. The problem is this:

I have a product detail page (ProductDetail.aspx) which, as you can probably
imagine, displays information for a specific product. It takes ProductID as
a query parameter. In my code behind, one of the first things I do is try to
convert the ProductID query parameter to a long integer so I can use it as a
SQL parameter value to query the database. If that conversion fails, I log
the Exception to an error table in the database and stop execution.

For the last few days, usually in the early morning US hours like 1:00 AM,
although there are a few during the day, I get exceptions in my error table
that the ProductID int conversion failed. I have correlated the times in my
error table to the IIS logs and I am seeing requests resembling the ones
below. A normal request would be something like ProductID=154 or something
like that but instead, I’m seeing…

ProductID=http%3A%2F%2Ftargi.pc-tuning.pl%2Fimages%2Fnews%2Faqa%2Fcib%2F
ProductID=http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Ffog%2Fbiko%2F
ProductID=http%3A%2F%2Fwww.stomol.ru%2Fcatalog%2Frivoz%2Fifewaf%2F
ProductID=http%3A%2F%2Fwww.cusianagas.com%2Fadministrador%2Fciw%2Fasezu%2F
ProductID=http%3A%2F%2Fwww.blankner.ocps.net%2Fmedia%2Fyeloc%2Frepaw%2F
ProductID=http%3A%2F%2Fwww.polisgrandhotel.gr%2F_cm_admin%2Fmaillist%2Feditor%2Fplugins%2Fcore%2Fdialogs%2Fqunik%2Favacu%2F

What the bleep is that??? Do the strings above match any type of attack
profile that anybody is aware of? From what I can tell, it does not seem
like a SQL injection or anything of that nature. What is more alarming is
that the source IP addresses all originate from other countries such as South
Korea and Russia so I’m pretty sure that somebody is spoofing their IP, which
leads me to believe it is an attack of some sort. But if it is an attacker,
they don’t appear to spend much time on my site. I only see four or five of
these types of requests in my IIS logs each day and when I scan my logs for
the source IP addresses, it does not appear that they do anything else on my
site other than make a few normal requests for other pages like default.aspx
and a couple other random things that all appear to be harmless. I am happy
that they don’t spend much time on my site because that would suggest that
they are not finding anything interesting but if that is the case then why
the heck do they return every night?

Does anybody have any thoughts on what this might be and what my next course
of action should be? I cannot just deny access to the source IP because it
seems to change every day to source from some other country. This is very
strange and I’m not sure how to respond at the moment.

I appreciate any help you can offer.

Thanks,

Jim
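One way to pull the requests described in the post out of the IIS logs, added here as an example and not part of the original post: it scans W3C extended log text for query-string parameters whose decoded value is an absolute URL and lists the distinct source IPs per day. The sample log lines, addresses, hostnames and the `#Fields:` column set are constructed assumptions, as are the function names.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended format (not taken from the post's logs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-01-11 06:02:11 GET /ProductDetail.aspx ProductID=154 198.51.100.7 200
2010-01-11 06:03:40 GET /ProductDetail.aspx ProductID=http%3A%2F%2Fexample.org%2Fa%2Fb%2F 203.0.113.9 200
2010-01-11 06:03:42 GET /default.aspx - 203.0.113.9 200
2010-01-12 06:10:05 GET /ProductDetail.aspx ProductID=http%3A%2F%2Fexample.net%2Fc%2Fd%2F 192.0.2.44 200
2010-01-12 14:22:19 GET /ProductDetail.aspx ProductID=12abc 198.51.100.7 200
"""

# A parameter value that decodes to an absolute URL is never a valid numeric ID.
ABSOLUTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def find_url_valued_params(log_text):
    """Return one dict per parameter whose decoded value is an absolute URL."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")
        if query == "-":  # IIS writes "-" for an empty field
            continue
        # parse_qsl percent-decodes each value before the regex sees it
        for name, value in parse_qsl(query, keep_blank_values=True):
            if ABSOLUTE_URL.match(value.strip()):
                hits.append({"date": row.get("date"), "ip": row.get("c-ip"),
                             "page": row.get("cs-uri-stem"),
                             "param": name, "value": value})
    return hits

def summarize_by_day(hits):
    """Map each date to the sorted distinct source IPs that sent such requests."""
    days = defaultdict(set)
    for hit in hits:
        days[hit["date"]].add(hit["ip"])
    return {day: sorted(ips) for day, ips in days.items()}

if __name__ == "__main__":
    found = find_url_valued_params(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(summarize_by_day(found))
```

Because the column order is read from each `#Fields:` line, the same functions work on logs where the selected fields differ, as long as `cs-uri-query` and `c-ip` are being logged.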