
Unknown device traffic showing up in logs that I can't account for on my network

TLDR:

- How can an IPV6 device access NextDNS on my network if my router has IPV6 disabled?

- Alternately... how would a device OUTSIDE my network be configured to route traffic through my nextdns?

 

All my logs seem to make sense, most show the device name, and I can track down unknown devices with some certainty (like a TCL TV that is "unknown" but is the only thing pinging TCL URLs, I'm sure)... but without further ado:
...

ISSUE

...
I have an IPV6 IP device pinging tccprod01.honeywell.com in my logs.

The IPV6 is coming from TMO (TMO home internet ISP), but from different cities than my other TMO WAN IP(s), which change often.

1. IPV6 is disabled on my router, and the router is the only thing set up for NextDNS.

2. Googling said URL turns up results about Honeywell thermostats. I don't have Honeywell thermostats, they aren't smart t-stats, and even if they were I never connected them to this house we moved into.

3. I ran the command below on a Windows machine on the network, and nothing matches the IPV6 in the logs, while arp -a shows expected devices, but no IPV6 results.

netsh interface ipv6 show neighbor

 

Like I say... all my other traffic makes sense. I'm suspicious it's harmless and maybe a TMO ISP anomaly since they do unkosher DNS redirection, but how an upstream device gets to NextDNS, which is set up downstream, seems like a mystery.

I had to do the CLI install of NextDNS from GitHub on my DD-WRT router to even get NextDNS working from behind their CGNAT system. "Normal" router configuration changes would fail to ever link to my account.

Just fishing for ideas... maybe this device is living on my network under my nose, but it ONLY pings tccprod01.honeywell.com, nothing else. I blocked the URL and nothing on my network is broken. I don't know why the TMO gateway would ping this URL either, if that's the case.

1 reply

    • R_P_M
    • 1 yr ago

    Hi again. 

    Presumably you had linked your IP to the configuration previously, before you found out the problems with CGNAT. Maybe someone else has ended up using that IP with their own NextDNS setup and accidentally appeared on your configuration. It’s less likely to have an unknown device connected to your network and using IPv6 as well, which is disabled.

    You could try switching to a new configuration and clear the linked IP. NXEnhanced browser plug-in can help copy your current configuration to a new one. 
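
The triage discussed in this thread, as an added example (not code from the thread or from NextDNS): each log source IP is checked against the IPv6 neighbor listing, for a missing device name, and for a single queried domain. The log field layout, the reason labels and all sample addresses are assumptions constructed for illustration, and the /64 comparison generalises to a LAN where IPv6 is enabled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation-range addresses, not from the thread).
NEIGHBOR_OUTPUT = """\
Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  -----------
2001:db8:10:1::25                             1e-2d-3e-4f-5a-6b  Reachable
fe80::1c2d:3eff:fe4f:5a6b                     1e-2d-3e-4f-5a-6b  Reachable
"""
LOG_ROWS = [  # (client_ip, device_name, domain): hypothetical field layout
    ("198.51.100.7", "tv", "example.com"),
    ("2001:db8:10:1::99", "laptop", "example.org"),
    ("2001:db8:10:1::99", "laptop", "example.net"),
    ("2001:db8:aa:1::50", "", "tccprod01.honeywell.com"),
    ("2001:db8:aa:1::50", "", "tccprod01.honeywell.com"),
]

def neighbor_addresses(netsh_text):
    """Return the IP addresses that start a line of the neighbor listing."""
    found = set()
    for line in netsh_text.splitlines():
        token = (line.split() or [""])[0].split("%")[0]  # drop any %zone suffix
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            continue  # header, separator or blank line
    return found

def triage(rows, neighbors):
    """Map each log source IP to the signals the local network cannot explain."""
    local = [n for n in neighbors if not (n.is_link_local or n.is_multicast)]
    names, domains = defaultdict(set), defaultdict(set)
    for ip, name, domain in rows:
        domains[ip].add(domain)
        names[ip].add(name)
    report = {}
    for ip in domains:
        addr, reasons = ipaddress.ip_address(ip), []
        if addr.version == 6:
            net = ipaddress.ip_network(f"{ip}/64", strict=False)
            if not any(n in net for n in local):
                reasons.append("outside-local-/64")
        if not names[ip] - {""}:
            reasons.append("no-device-name")
        if len(domains[ip]) == 1:
            reasons.append("single-domain-only")
        report[ip] = reasons
    return report
```

The neighbor cache only lists hosts the Windows machine has recently exchanged traffic with, so a source that carries one signal alone is weak evidence; a source that carries all three is the one worth separating onto a fresh configuration.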
