islp on "[Plugin: Wordfence Security] Live traffic info"

Hello, I'm looking for an explanation.

I edited an .htaccess file so that a user can't directly call a .php file (they get a 404).

To test my .htaccess, I put an info.php file at the root level and another one under the wp-content directory. Then, I tried to access the files using the browser. Anything went fine and I could read my own traffic live with WordFence.

10 minutes later, I noticed a very strange thing: there were two attempts to access the same files (meantime I removed), this time from Ashbu, USA (I'm in Italy...), hostnames rigby03.embed.ly and rigby01.embed.ly, ips 54.221.198.105 and 54.204.20.250.

The question is: my info.php files were two custom php files, not something built in WordPress. How it is possible someone accesses two custom files I just created and removed?

https://wordpress.org/plugins/wordfence/