Nihuo analyzer provides a stolen object analysis function; an example report is available at www.loganalyzer.net/sample/Resources_Accessed.html#Stolen_Object
What access_log analyzer do you currently use?

For example, if you have webalizer or a modified version, look at your referrers, then go top to bottom through all unusual referrers. The top ones are normally all SE; then you may find a bunch of social network sites referring to you - most of them are hotlinkers. Click on ALL the high-traffic links of those social networks showing up as a referrer - usually you get near zero real / generic traffic from such networks. My experience has shown that most social network backgrounds and displayed pics are hotlinked, either within text or as bg.

I have high resolution wallpapers - 1600x12 or 1920x1920 (widescreen). Most such files are from a few hundred kb to nearly a MB - hotlinked up to many ten thousands of times per month = some 10+ GB traffic per month by stolen / hotlinked pics.

This a.b. procedure is fast if your referrers are clickable (link in webalizer/angolizer).

Hence now it's time for action - hotlink protection in .htaccess with the exclusion of all major SE image search - you definitely will NOT want to have their cached pages showing broken images or replacement images, since you most likely may get valuable generic traffic from image search (image search is my Nr 1 traffic from G !!).

A result of possible action is seen in the background of http :// www .hi5.com/friend/117492608--Malu--Profile-html ( w/o spaces ). That a.m. sample hotlinker obviously forgot how to change bg - it's running since many weeks with the currently displayed banner bg.
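Added example, not part of the original posts: the referrer review described above, done as a script over an Apache "combined" access_log, counting image hits and bytes per third-party referrer while exempting search engines. The host names in `OWN_HOSTS` and `ALLOWED_SUFFIXES` and the log lines in `SAMPLE_LOG` are constructed assumptions; replace them with your own.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

OWN_HOSTS = {"example.com", "www.example.com"}      # assumption: your own site
ALLOWED_SUFFIXES = ("google.com", "bing.com")       # assumption: image search to exempt
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+)[^"]*" (\d{3}) (\d+|-) "([^"]*)"'
)

def is_allowed(host):
    """True for our own pages and for exempted search-engine hosts."""
    if host in OWN_HOSTS:
        return True
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def hotlink_report(lines):
    """Return {referrer_host: [hits, bytes]} for images embedded by third parties."""
    report = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _status, size, referer = m.groups()
        if not urlsplit(path).path.lower().endswith(IMAGE_EXT):
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if not host or is_allowed(host):   # "-" referrer: direct hit or stripped header
            continue
        report[host][0] += 1
        report[host][1] += 0 if size == "-" else int(size)   # 304s log "-" bytes
    return dict(report)

def top_offenders(report):
    """Referrer hosts sorted by bytes served, heaviest first."""
    return sorted(report, key=lambda h: report[h][1], reverse=True)

# Constructed sample log lines (documentation addresses and example domains).
T = "[10/Mar/2008:10:00:00 +0000]"
IMG = '"GET /wallpapers/lake.jpg HTTP/1.1"'
SAMPLE_LOG = [
    f'203.0.113.5 - - {T} {IMG} 200 812345 "http://social.example.net/profile/1" "UA"',
    f'203.0.113.6 - - {T} {IMG} 200 812345 "http://social.example.net/profile/2" "UA"',
    f'203.0.113.6 - - {T} {IMG} 304 - "http://social.example.net/profile/2" "UA"',
    f'198.51.100.7 - - {T} {IMG} 200 812345 "http://images.google.com/imgres?q=lake" "UA"',
    f'198.51.100.8 - - {T} {IMG} 200 812345 "http://www.example.com/gallery.html" "UA"',
    f'198.51.100.9 - - {T} "GET /index.html HTTP/1.1" 200 5120 "http://blog.example.org/" "UA"',
    f'198.51.100.10 - - {T} {IMG} 200 812345 "-" "UA"',
]
```

Requests with an empty referrer are skipped here because many browsers and proxies strip the header, so they cannot be attributed to a hotlinking page.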