This is linked to this: Spam API Calls From Different IP's
There’s been a massive uptick recently in these, which suggests that somebody somewhere has clocked that Anvil is being used to build increasingly interesting stuff.
There’ll be a bot somewhere systematically hunting any and all active apps and working through a spray of all possible endpoints and endpoint variations, so: /u, /us, /use, /user, /users.
Looking at the structure of what I’ve been seeing, it seems apparent someone has been using ChatGPT to write the reconnaissance script. That does mean that anyone whose using ChatGPT to write their endpoints is likely to be in scope for getting pinged because the attack will be flavoured with the same endpoint suggestions.
Anyway, it’s not really a problem until they substantially raise their game - or someone leaves a door wide open.