Reputation: 15
I'm evaluating the AccessLog of our reverse proxy here and I came across some weird user requests.
The normal request would be that the user requests a page with a form on it via a GET request:
XXX.XXX.XXX.XXX www.example.de - [25/Jul/2023:07:31:01 +0200] GET /routetoform/ HTTP/1.1" 200 T ORIGIN "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/114.0.1823.82 Version/16.0 Mobile/15E148 Safari/604.1"
And then when the user submits the form:
XXX.XXX.XXX.XXX www.example.de - [25/Jul/2023:07:33:11 +0200] "POST /routetoform/ HTTP/1.1" 200 T ORIGIN "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/114.0.1823.82 Version/16.0 Mobile/15E148 Safari/604.1"
What I find are a lot of requests that START with the second line, the POST request, without having the first line. So the users START with sending the form, without even seeing it.
The user agent is always an iPhone Safari:
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/114.0.1823.82 Version/16.0 Mobile/15E148 Safari/604.1
My thought was then: "Hey, maybe the user device got a new IP right before the POST request." So I searched via User Agent, but I can't find another entry.
So, the user REALLY just popped into the POST request.
I tried to find something about this behaviour on the net, but wasn't very successful.
Does any of you have any idea what might cause this? The user agent doesn't really point to a bot, and how the hell can someone enter a page with an "I just submitted the form" request?
Upvotes: 0
Views: 92
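The check described in the question (a POST with no earlier GET from the same IP, then a second look by User-Agent), run over a whole log, as an added example that is not part of the original post. The field layout is assumed from the two log lines quoted above; the function names, the 30-minute window, the shortened User-Agent and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout assumed from the two log lines quoted in the question; the opening
# quote before the method is optional because the first quoted line lacks it.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<host>\S+) - \[(?P<ts>[^\]]+)\] '
    r'"?(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) .*"(?P<ua>[^"]*)"$')

def parse(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def orphan_posts(lines, window=timedelta(minutes=30)):
    """POSTs with no GET of the same path from the same IP inside `window`.
    'ua_seen_get' marks whether the same User-Agent fetched the form from
    any IP inside the window (the "device got a new IP" case)."""
    get_by_ip, get_by_ua, orphans = {}, {}, []
    recs = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    for r in recs:
        if r["method"] == "GET":
            get_by_ip[(r["ip"], r["path"])] = r["ts"]
            get_by_ua[(r["ua"], r["path"])] = r["ts"]
        elif r["method"] == "POST":
            seen = get_by_ip.get((r["ip"], r["path"]))
            if seen is None or r["ts"] - seen > window:
                ua_ts = get_by_ua.get((r["ua"], r["path"]))
                r["ua_seen_get"] = ua_ts is not None and r["ts"] - ua_ts <= window
                orphans.append(r)
    return orphans

# Constructed sample lines (documentation IP ranges), not taken from a real log.
IPHONE = ("Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) "
          "AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Safari/604.1")
def _line(ip, hms, method, ua):
    return (f'{ip} www.example.de - [25/Jul/2023:{hms} +0200] '
            f'"{method} /routetoform/ HTTP/1.1" 200 T ORIGIN "{ua}"')
SAMPLE = [
    _line("192.0.2.10", "07:31:01", "GET", IPHONE),     # normal: GET then POST
    _line("192.0.2.10", "07:33:11", "POST", IPHONE),
    _line("192.0.2.20", "09:00:00", "GET", "ExampleBrowser/1.0"),
    _line("192.0.2.21", "09:01:00", "POST", "ExampleBrowser/1.0"),  # IP changed
    _line("198.51.100.7", "10:00:00", "POST", IPHONE),  # no GET from IP or UA
]
```

A flagged POST with `ua_seen_get` set to `False` matches the pattern in the question: no form fetch from that IP and none from that User-Agent inside the window.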