Try cross referencing with IIS log files found under %SystemDrive%\inetpub\logs\LogFiles matching the IPs. You can also go one step further to really get an insight about client requests by enabling advanced loggin under IIS manager. More information here (Advanced Logging for IIS - Custom Logging | Microsoft Docs )
I am not sure what happened here, but I think, I have to wait for the update? Now, I have narrowed down to 5 different IP address, so maybe they are using some extra extension or something in their browser?
So it appears you have an extra corrupted BroadLogID hex value ?
As per the staff theory about the data being passed through to the redirection server being altered by something then perhaps it can be replicated if you add extra values to the redir link, I expect it to fail if it contains unexpected values, could it be the redir service not handling a particular request properly? uhmm not sure