Previously here [webmasterworld.com] (February 2017).

Saw it again in today's logs and was prompted to take a closer look.

IP every time I've seen it, going back to 2014:
99.229-232 (last time I checked, this was Rogers Cable)

UA, 2014:
HTTP/1.1

TinEye-bot/0.02 (see http://www.tineye.com/crawler.html)

requests, site A: page, sometimes with images (giving page as referer), each visit preceded by robots.txt
requests, site B: non-script piwik dot (only) belonging to sites A and C, each giving a relevant page as referer (I couldn't check Site C logs, but Site A coincides with a page visit)

UA, 2016:
HTTP/1.0 (every time)

TinEye-bot/0.51 (see http://www.tineye.com/crawler.html)

requests: page, preceded by robots.txt

UA, 2017:
HTTP/1.1

TinEye-bot/0.61 (see http://www.tineye.com/crawler.html)

request: image preceded by robots.txt
image request has implausible referer

UA, late 2017-present:

Mozilla/5.0 (compatible; TinEye-bot/1.31; +http://www.tineye.com/crawler.html)

requests: images only, again with highly implausible referer each time

The sample size is obviously not huge, but there was more than one of each.

I don't think I ever realized that they sometimes requested pages; the ones from 2016 were blocked, so out of sight out of mind. I have no reason to think the images over the past year were hotlinked; have they been coopted to partake in referer spam, or is it another attempt to fly under the radar? (Backfiring badly, if so.)