Scouting - Cloudflare issue?

Last week my domain showed logs of many “scouting” attempts to retrieve e.g.

  • /.env GET,
  • login.aspx GET etc.
    from my web facing API, which sits behind a Cloudflare DNS proxy

I have never experienced this before on either domain despite my APIs being up for multiple years. I assumed Cloudflare had simply stopped / blocked them from getting through in the past, but have I just been lucky to miss scouting so far? If not, is something changed in Cloudflare recently that might explain why the scouting attempts are suddenly “getting in”?