Naturally I had a look at the named referer and found your basic hotlinking page. The googlebot does occasionally give a referer when asking for an image or other subsidiary file; this one just happened to be a hotlink, so they started out on someone else's site. Shrug, move on, file and forget.
And then I find another one. Again, the identical IP that the googlebot uses in its ordinary visits.
/dir1/dir2/ are the same both times, but this may be coincidence; the file itself is different.
The noteworthy bit: Hotlinker #1-- which happened to be German-- could be passed off as the generic hotlinker. Didn't look very closely. (It was definitely not google.de image search, as suggested at the time.) Hotlinker #2 is unequivocally pure spam [google.com]. Based in the US, registered with GoDaddy, yawn.
I seriously doubt this has anything to do with my site. It's the googlebot investigating ... what, exactly?
I have entire countries blocked as referers :) Most come attached to IPs that are blocked in their own right, but it's good to have the extra layer.
Images with fake referers run smack into assorted hotlink routines* so I barely notice them. But in these two cases there never was a human visit. Only the googlebot-- and you can hardly claim that it needs to use referer spam! Especially since each originating site really does have a hotlink to my image.
* Rewrite to single-dot gif, rewrite to NO HOTLINKS image, rewrite to thumbnail version of requested image, or redirect to custom page.