It's impossible for an IPv4 endpoint to accept an IPv6 connection. Perhaps you have a dual-stack CDN with an unpublished IPv6 address that some users have found? Or your service is accepting third-party 'Forwarded' headers, which would allow HTTP clients to spoof their IP address.
