I would have to agree here. The only flag that would have been of concern would have been a PUT command, however the line you have shown is normal for a typical web browse. They may have been viewing the site from a MSFT application like Front Page, Word, Excel, etc.. At the same time they apparently copied an image from your site using their program of choice. ---- Charles Jones wrote: > I've seen similar to below when someone embeds a picture in an MS-Word > or PowerPoint document. I'm not sure how it happens, but sometimes when > they drag the picture in from a web page, it gets hotlinked to the URL, > so when someone opens the document, MS-Office fetches the image instead > of having a static copy of it. > > -Charles > > No - it's an apache server (Linux) > > > > access_log looks like > > > > IP_ADDRESS - - [05/Feb/2008:17:55:56 -0700] "OPTIONS /mccain.jpg > > HTTP/1.1" 200 - "-" "Microsoft Data Access Internet Publishing Provider > > Protocol Discovery" > > IP_ADDRESS - - [05/Feb/2008:17:55:57 -0700] "GET /mccain.jpg HTTP/1.1" > > 200 56535 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; > > rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11" > > > > This was the same ip address - just one second apart. I've never seen > > that before. > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Please visit http://www.iconnetworksolutions.com --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss