mariotstore.com → apperently is using Cloudflare. Is this your Website? Do you manage it under your CF account?
If so, if the above domain is your Website and you manage it, you should see such requests being either challenged or blocked at the Security tab → Events. Double-check which service is triggered and you’d be able to figure out to either disable a security feature, or temporarly allow your own IP address, or allow the IP address of the origin host/server, to bypass the requests coming from the plugin or WordPress itself.
It knows to happen due to the WordPress using HTTP/1.0 and empty user-agent, therefore while executing WP-Cron or some other related JSON/REST API request via plugin which triggers the WAF rules (as it should normally).