
RE: [Pound Mailing List] redirecting to https with pound
Jean-Pierre van Melis <jp(at)mirmana.com>
2009-09-16 22:08:00
I would like to sanitize URLs so I will not see these kinds of entries in my
log again.
Does anyone know what he's trying to do?
They are traveling through my reverse proxy and are passed on to my
lighttpd-server. I think they are some kind of hacking attempts.

Can someone please advise?

This is part of my lighttpd log (replaced my domain with mydomain.com); the IP
is real.
119.202.149.89.in-addr.arpa     name = saugnapf.piracy-insi.de.

89.149.202.119 mydomain.com - [16/Sep/2009:19:36:10 +0200] "GET /imdb HTTP/1.1" 200 22077 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:14 +0200] "GET /name/[%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:15 +0200] "GET /%5C%22/wga%5C%22 HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:16 +0200] "GET /title/[%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:18 +0200] "GET /%5C%22%22.$site, HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:19 +0200] "GET /([%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:22 +0200] "GET /%5C%22%22); HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:27 +0200] "GET /%5C/title%5C/tt(%5Cd+)%5C/.*%5C HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

RE: [Pound Mailing List] redirecting to https with pound
Robert Segall <roseg(at)apsis.ch>
2009-09-21 13:36:58
On Wed, 2009-09-16 at 22:08 +0200, Jean-Pierre van Melis wrote:[...]

They are looking for weak spots. You can't realistically filter them out
unless you know exactly what you would like to block - there are too many
of them.[...]
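
Added example, not part of either post: a Python triage of the log excerpt above that percent-decodes each request path and counts, per client, the 404 responses to paths outside an allow-list of characters. The allow-list pattern, the `min_hits` threshold and the 192.0.2.10 log line are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Layout as in the excerpt above: client, vhost, "-", [time], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<vhost>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/\d\.\d" (?P<status>\d{3}) '
)
# Assumption: this site only serves paths built from these characters.
ALLOWED_PATH = re.compile(r'^/[A-Za-z0-9._~/-]*$')

def parse(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote(rec["target"])  # %5C -> \, %22 -> ", %5E -> ^
    # Only the path part (before any query string) is checked against the allow-list.
    rec["odd"] = not ALLOWED_PATH.match(rec["decoded"].split("?", 1)[0])
    return rec

def probing_clients(lines, min_hits=3):
    """Clients with at least min_hits 404 responses to paths outside the allow-list."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["odd"] and rec["status"] == 404:
            hits[rec["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# First four lines are from the excerpt above (unwrapped); the 192.0.2.10 line is constructed.
SAMPLE = '''\
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:10 +0200] "GET /imdb HTTP/1.1" 200 22077 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:14 +0200] "GET /name/[%5E HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:15 +0200] "GET /%5C%22/wga%5C%22 HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
89.149.202.119 mydomain.com - [16/Sep/2009:19:36:27 +0200] "GET /%5C/title%5C/tt(%5Cd+)%5C/.*%5C HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.10 mydomain.com - [16/Sep/2009:19:40:00 +0200] "GET /missing.html HTTP/1.1" 404 345 "-" "ExampleAgent/1.0"
'''

if __name__ == "__main__":
    for ip, n in probing_clients(SAMPLE.splitlines()).items():
        print(f"{ip}: {n} 404s on paths outside the allow-list")
```

An ordinary 404 such as the constructed `/missing.html` request is not counted, so a single mistyped link does not flag a client.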
