Accesses from China with fake referer

Has anybody seen this

         

seindal

6:01 pm on Nov 20, 2002 (gmt 0)

10+ Year Member



I have gotten a lot of these in my log files recently.
The referer is completely fake (I changed the domain).

61.150.12.49 - - [12/Nov/2002:04:46:24 +0100]
"GET /photo/6183,s374.html HTTP/1.1" 200 4664
"http://www.fakereferer.dk/"
"Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"

The IP is from China:

inetnum: 61.150.0.0 - 61.150.31.255
netname: SNXIAN
descr: xi'an data branch,XIAN CITY SHAANXI PROVINCE
country: CN
admin-c: WWN1-AP
tech-c: WWN1-AP
mnt-by: MAINT-CHINANET-SHAANXI
mnt-lower: MAINT-CN-SNXIAN
changed: ipadm@public.xa.sn.cn 20010309
status: ALLOCATED PORTABLE
source: APNIC

I see two explanations. Either somebody is copying parts of my site or they use some kind of anonymising proxy to hide their tracks on the net.

I don't want to block users that try to avoid a government like the Chinese violating their privacy, but I don't like fake data in my logs either.

Has anybody else seen something like this? Does anybody know the explanation?

René

BlobFisk

2:14 pm on Nov 21, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi seindal,

I've never seen this myself - but there is a good chance that someone else here has and may have an answer to your question. It's been a bit quiet here yesterday and today... but that'll change!

*bump*

davidf

2:36 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



I can't give you a definite answer, but I'd guess it's a spammer looking for addresses. I've blocked a number of IPs from China and other Asian countries for similar abusive conduct.
I checked the IP 61.150.12.49 at openrbl.org and it has 6 out of 30 spam groups showing it positive for allowing spamming activity.

seindal

4:02 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



He was taking the images too. I had a close look at his session, and it looked fairly normal. He entered, fetched a few pages including all graphics and then left.

I regularly do a referrer scan of the logs to see who links to me and to see if I have too many links directly to the photographs. I have almost 6000 photos from Italy online, and sometimes people use them directly from my server, which I think is cheating. Normally the photos all have a referrer from my site, from the page they are shown on, but suddenly there were a lot of images referred directly from a site that had no links to me and none of my photos.

I have recently seen a similar thing, but this time it was from Germany. Again something that seemed a completely legitimate visit.

Maybe it is just a browser bug?

René.
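
The referrer scan described in the post above, as an added example (not part of the original thread and not seindal's own script): it reads Apache combined-format lines like the one quoted earlier and counts image requests whose Referer host is not the site's own. The hostnames in `OWN_HOSTS`, the image paths and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format, the layout of the log entry quoted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')
IMAGE_EXT = (".jpg", ".jpeg", ".gif", ".png")
OWN_HOSTS = {"www.example.org", "example.org"}  # assumption: the site's own names

def referer_host(referer):
    """Lower-cased host of a Referer value, or '(unparseable)' if there is none."""
    try:
        return (urlsplit(referer).hostname or "(unparseable)").lower()
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return "(unparseable)"

def foreign_image_referers(lines, own_hosts=OWN_HOSTS):
    """Count image hits per (client IP, referer host) with an off-site referer."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        if not m["path"].split("?", 1)[0].lower().endswith(IMAGE_EXT):
            continue  # this scan only looks at images
        if m["referer"] in ("", "-"):
            continue  # header absent or stripped: nothing to compare
        host = referer_host(m["referer"])
        if host not in own_hosts:
            hits[(m["ip"], host)] += 1
    return hits

def _line(ip, path, referer):
    return (f'{ip} - - [12/Nov/2002:04:46:24 +0100] "GET {path} HTTP/1.1" '
            f'200 4664 "{referer}" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"')

# Constructed sample (documentation IPs, .example domains), not real log data.
SAMPLE_LOG = [
    _line("192.0.2.10", "/photo/6183,s374.html", "http://www.fakereferer.example/"),
    _line("192.0.2.10", "/img/6183.jpg", "http://www.fakereferer.example/"),
    _line("192.0.2.10", "/img/6184.jpg", "http://www.fakereferer.example/"),
    _line("198.51.100.7", "/img/6183.jpg", "http://www.example.org/photo/6183,s374.html"),
    _line("198.51.100.8", "/img/6183.jpg", "-"),
    _line("203.0.113.5", "/img/6190.JPG?size=big", "http://forum.hotlink.example/t/1"),
]
for (ip, host), n in foreign_image_referers(SAMPLE_LOG).most_common():
    print(f"{n:4d}  {ip:15s}  {host}")
```

One client carrying the same off-site referer on every request matches what the thread describes; many clients sharing one referer host on image requests is the direct-linking case from the same post.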

bobriggs

4:19 pm on Nov 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure if you can get too excited about a fake referer.

There are third party proxy programs which you can set to any referer you want. And I can set my Mozilla to googlebot 2.1 or anything else I want to very easily.

I had a close look at his session, and it looked fairly normal

Probably was just that. Nothing but a fake referer string.
[big edit]
<brain f*rt>Sorry, thinking about UA strings</brain f*rt>

Sorry, could be a bot, but if it acted normally, I don't see why the same kind of third party proxy software couldn't set a referer to something static. Most that I've seen just strip it out and it's not sent.