I'm not quite sure what I'm seeing here. Today I see 15 attempts from a Fecebook IP to contact something on my office LAN I think around 10 pm local time last night (and looking back, also seeing 8 attempts on April 13, but no others).

The source IP was 69.171.250.34 which is edge-mqtt-mini-shv-01-any2.facebook.com.

Seeing mqtt in the host name is interesting.

The source port was 443. The destination port was 43160 (on April 13 it was 40388).

The destination ports may have no bearing on this if this was an attempt to get through a router using a NAT keep-alive strategy. My router blocked these as a WAN-IN drop (I think an unsolicited packet).

I don't run an mqtt server, but I do have a couple of devices that I've flashed with Tasmota but don't have them configured to use MQTT. There is possibly 1 user at the office that may interact with FB on their desktop computer or phone, but otherwise interacting with FB on any device in the office is going to be pretty rare (reinforced through host-file entries on most PC's).

Those of you that look strictly at web logs (ports 80 and 443) wouldn't see traffic like this, it would only be seen in your router.

Does FB indeed have mqtt interoperability with user devices? And if so, how or why would FB be knocking on my door this way?