(200 ok) ACCEPTED - Is this a hacking attempt?

I assume this is some type of hacking attempt. I've try to Google it but all I get are sites that look like they have been exploited already.

I'm seeing requests to one of my pages that looks like this.

/listMessages.asp?page=8&catid=5+%28200+ok%29+ACCEPTED

The '(200 ok) ACCEPTED' is what is odd. But it does not appear to do anything.

I'm running on IIS 5 and ASP 3.0. Is this "hack" meant for some other type of web server?

Edit:

Normal requests look like:

/listMessages.asp?page=8&catid=5

  1. May be the log is wrong. It looks like some part of answer inside URL. If it appears in IIS logs, try to watch the request URL using packet sniffer to ensure it is really such.
  2. May be some script gets malformed URL, e.g. it may be bug in your ASP site.

In general it may look like either highly specific or specially crafted crack attempt that is made to look like a bug, but I suppose it is not. You should also analyse previous and further requests from this user. If it is sometimes occur from different places with no other suspicious things, it is a bug, not crack attempts.


Are all the requests coming from one IP range? Have you tried running a packet capture to see what the full request headers look like?