Those are requests generated by automated vulnerability scanners. Anyone (good and bad actors) can scan websites/apps and try to find vulnerabilities. For example by scanning for known security vulnerabilities or common misconfigurations.
These tools seem to have found the mendixcloud as well =) and many apps will show these log messages. It just means that an automated vulnerability scanner tried to find wordpress/admin.php (for example) and did not find it.
I know Mendix is working on some sort of application firewall, I believe based on the AWS WAF (Web application firewall) https://aws.amazon.com/waf/ to block requests like these.
These requests are in itself not harmful, though if there are many they might cause an impact on the Mendix servers processing all these requests. But the numbers I've seen today are quite low (in terms of traffic, like 500 a day per app).
The requests don't seem to be Mendix specific but just general scans for vulnerabilities and exposed sensitive information (like sql and password files).
It is still important to keep your app secure (Mendix continuously works on keeping the platform secure), like check your entity access, exposed constants, integrations etc.
tldr: No they are not triggered by Mendix, but from external sources (automated vulnerability scanners)