This is a new one on me:

2a03:2880:21ff:8::face:{redacted} - - [24/Aug/2018:21:50:17 -0700] "GET / HTTP/1.1" 200 6196 "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" 

... et cetera for all components of a human request, including favicon and piwik, where they claimed a slightly implausible 2000x2000 resolution. (I checked. Only the facebook-whatever-it-is has ever given this. That makes them easy to spot.) Human requests to this site often come in mixed, but this was pure IPv6 from a Facebook range. It's easy to identify, because even though they own the whole /29--which is a vast territory in IPv6-land--one element is always the hexadecimal string “face”.

Further investigation reveals they've been doing this since December of 2017, but I didn't previously notice because other visits have been to IPv4 sites (I found an 66.220.149.abc and a 173.252.92.abc and then stopped looking). Referers variously blank, m.facebook, or www.facebook.

:: wandering off to study my log-wrangling code to figure out why this didn't get flagged as Facebook in the first place ::