Honestly it looks like an incorrectly configured spider or browser spoofer. I am sure you are aware the IP 1.1.1.1 is not a valid IP for any use, it is a reserved number much like 192.168.*.* or 255.255.255.*. It is most likely a default setting in a program that provides a false referrer. The site referrer also saying "sitename" looks like a default setting. Can you build a cross reference using your server access logs to identify which IP provided that false referrer? You may want to just keep an eye on it in case it is a botnet attempting to find vulnerabilities in your server. (Not as likely but possible.)
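The cross-reference suggested above, as an added example that is not part of the original post: it groups access-log entries carrying the false referrer by the client IP that sent them. It assumes Apache/nginx "combined" log format; the referrer value `http://1.1.1.1/sitename`, the sample lines and the client addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format (assumption; adapt to a custom LogFormat).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Markers from the thread: host 1.1.1.1 (exact, so 1.1.1.10 is not caught)
# or the "sitename" placeholder anywhere in the referrer.
SUSPECT = re.compile(r'^https?://1\.1\.1\.1(?:[:/]|$)|sitename', re.IGNORECASE)


def cross_reference(lines):
    """Return {client_ip: summary} for every request that sent a suspect referrer."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "agents": set(), "requests": set()})
    for line in lines:
        m = COMBINED.match(line)
        if not m or not SUSPECT.search(m["referrer"]):
            continue  # unparseable line or ordinary referrer
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]  # logs are written in time order
        rec["last"] = m["ts"]
        rec["agents"].add(m["agent"])
        rec["requests"].add((m["request"], m["status"]))
    return dict(hits)


# Constructed sample lines using documentation-range client addresses.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2013:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://1.1.1.1/sitename" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2013:10:01:05 +0000] "GET /about HTTP/1.1" 200 2048 "http://www.example.org/" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2013:10:03:40 +0000] "GET /login HTTP/1.1" 404 312 "http://1.1.1.1/sitename" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2013:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 900 "http://sitename/" "-"',
    '198.51.100.20 - - [12/Mar/2013:10:05:00 +0000] "GET /faq HTTP/1.1" 200 700 "http://1.1.1.10/page" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = cross_reference(SAMPLE)
    for ip, rec in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(ip, rec["count"], rec["first"], "->", rec["last"])
        for request, status in sorted(rec["requests"]):
            print("   ", status, request)
```

A source IP that pairs the false referrer with many distinct paths or a run of 404 responses is the one worth watching.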