You know that nebulous feeling that something is Not Right, but nothing is jumping up and hitting you in the face?
After some serious work with Regular Expressions, I've established that since late September, a seemingly normal iPad has been helping itself to my jpgs. Make that: a botnet all dressed up as iPads.
Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25
except for a few recent ones that had upgraded to
Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A523 Safari/8536.25
Both UAs are identical to my own iPad in the same time period.
No two IPs alike, and never more than one image on a visit-- except for one that was locked out and therefore tried eight times. (Can't for the life of me figure out why it was blocked, but I'm not complaining.) Come from all over the globe; in fact the only thing they have in common is that I've never met any of the IP ranges before.
Some images seem to be more popular, but no discernible pattern. Always jpg, no png or gif. In particular: no apple-touch-icons, which are png.
They're not returning to pick up images they saw on some earlier visit-- unless every single one used a completely different IP (I look for a.b.c. only), which stretches credulity.
Can anyone think of a perfectly legitimate explanation? Otherwise I'm inclined to rewrite them all to my one-pixel transparent gif. Request for jpg, no referer, user-agent iPad.