I think that is actually an Azure IP address.

This is hardly the first time that someone has shown up from a MS range without a recognized MS UA.

This one rang a bell for other reasons, because of course it isn't the ordinary facebook UA

facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

(alternating, for reasons best known to themselves, with /1.0, sometimes even on the same visit). If it showed up just once or twice I'd assume the shorter version was a glitch in the request, but there are too many of them. Counting on fingers says the shorter version is around 1/60 of all (legitimate) requests. And apparently an unknown number of illegitimate ones.

Are they really requesting pages-and-nothing-else (now that's fishy), or was that an artifact of post editing and exemplifying?

I think that is actually an Azure IP address.

If it is, then it is not registered as Azure.

Here's an attempt from AWS...

35.161.92.22 - - [05/Jan/2017:14:54:30 -0800] "GET /example.html HTTP/1.1" 403 4985 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

I often use MaxMind's GeoIP demo for a quick lookup, and find it pretty reliable. They indicate the IP belongs to Microsoft Corporation (ISP), but that the organization is "Microsoft Azure".

Thanks robzilla

Sometime there's discrepancies between look-up services. It would make sense it's a perp on Azure.