It could be a chat preview generator. Users DM links to some internal project pages in an chat tool and the tool fetches the page in the background in an attempt to render a preview.
That was on my list of candidates as well! Those usually have a specific user agent making it clear what they are, they appear from a companies netblock (eg. Facebook, Microsoft) and cannot access authed pages (unless the key is in the url).
In this case these appeared to be all MitM'ed pages from a security device since the key wasn't in the url and it contained userids for a specific user.
In that case, the preview system would do (eg) GET https://example.com/private/page, but get a 401 Unauthorized response back, and have none of the page content or execute any of the scripts inlucded in that /private/page:
> * That somehow had the page content from a user
> * Would render and execute all scripts on that page as if it was that user
In this case these appeared to be all MitM'ed pages from a security device since the key wasn't in the url and it contained userids for a specific user.