Did you see a request from bingbot around the same time? I sometimes see msnbot/2.0b hitting a 404 on a URL that never existed, then logging bingbot/2.0 a few hours or days later to check for the same URL.

Ooh, I hadn't noticed that particular behavior. (Knowing me, you can imagine what a shameful admission this is.)

Searching for 404 + msnbot (available logs for the past year-plus) turns up a lone case of

40.77.167.84 - - [07/Mar/2020:02:47:25 -0800] "GET /t/footerDaily HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"

That was just yesterday; so far bingbot hasn't requested the same file. But, as with wilderness's observations, the request was for an URL that could never have existed on my site, no way, nohow. Wonder if they've got their shopping lists garbled? It isn't that unusual for a robot to attach one site's URLpaths to a different site's hostname.

Also worth noting: This lone request came in as HTTPS, in a site has only recently gone HTTPS. That suggests they have a site default protocol.

lammert,
the not so immediate (three hours earlier) request from msn

40.77.189.91 - - [07/Mar/2020:16:56:01 -0700] "GET /MAIN/DEFAULT.CSS HTTP/1.1" 403 717 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"

Only had three hits in the last seven days...

Either gearing up to be more prominent, or my site is such small change they are only getting around to me recently.

Life (and bots!) goes on...

Unusual requests continued for six days, although not really excessive.
Was waiting for a larger amount of requests before solution.
Past two and a half days they seem to have ceased.

I've had 4 hits since the 5th this month... Not too active ... waiting for the other shoe to drop!

Today, these requests from msnbot:

/Scripts/tz_fly.js
/Scripts/msgbox.js
/Scripts/searchArticle.js
/Scripts/searchCjfd.js

That is

https://www.example.com/Scripts/etc.

which, to the best of my knowledge, my WP site has never had and never will.

Verified Microsoft Bingbot IP: 157.55.....

It is possible that the bingbot/msnbot simply thinks 404s taste good. On my site they’ve got it easy because all they have to do is keep requesting
filename.html
for assorted old pages (and a handful of newer ones) whose name is really
FileName.html

:: detour to raw logs ::

Oh, looky here. I really should pay closer attention to my 404s.

40.77.167.ddd - - [18/Mar/2020:00:23:33 -0700] "GET /data/1.0/batch HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 
40.77.167.ddd - - [18/Mar/2020:00:23:36 -0700] "GET /static/decodeKey.txt HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 
157.55.39.ddd - - [18/Mar/2020:00:23:39 -0700] "GET /DemandLoadAjax HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 
207.46.13.ddd - - [18/Mar/2020:00:23:44 -0700] "GET /CookiePingback?early=true HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 
157.55.39.ddd - - [18/Mar/2020:00:24:06 -0700] "GET /GARecord HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 
157.55.39.ddd - - [18/Mar/2020:00:24:09 -0700] "GET /data/graphql/batched HTTP/1.1" 404 6433 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 

That kind of thing can hardly be anything but attaching one site's paths to a different site's host.

What I have noticed since first of the month is that a range of 13.66 that I have blocked is followed by msn.com requests, some for valid files, the others for oddities .js or /yts at double/triple the 13.66 hit(s). The UA changes, nothing consistent, though the IPs are all M$...

On three different days ... this is not an everyday for me...

Just filling in some data blanks.

My exhilaration was shot lived.
MSN bot assuredly up to something, and acting like a rogue bot looking for vulnerabilities.
Not going to tolerate their activity much longer and will simply deny all their bots (don't care).

Yesterdays logs.
40.77.167.145 - - [20/Mar/2020:15:45:08 -0700] "GET /cart/checkcart HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.145 - - [20/Mar/2020:15:45:08 -0700] "GET /get_categories HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [20/Mar/2020:15:45:12 -0700] "GET /cart/pageLogo?page_type=1 HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [20/Mar/2020:15:45:12 -0700] "GET /ccc_bottom_policy HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [20/Mar/2020:15:45:12 -0700] "GET /image/cookieId.html?cookieid=2A6B468F_35AC_4544_7939_51E905DF4DE4 HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.161 - - [20/Mar/2020:15:45:17 -0700] "GET /student-discount/getUniStdSiteOpen HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [20/Mar/2020:15:45:46 -0700] "GET /abt/userinfo HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [20/Mar/2020:15:45:46 -0700] "GET /judgeIP HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [20/Mar/2020:15:45:46 -0700] "GET /user/auth/getUserInfo HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [20/Mar/2020:15:45:46 -0700] "GET /user/wishlist/checkWishGood?goods_id=216531 HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [20/Mar/2020:17:24:40 -0700] "GET /yts/cssbin/www-guide-vflybhooe.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [20/Mar/2020:17:24:40 -0700] "GET /yts/jsbin/spf-vflqCgDoF/spf.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.145 - - [20/Mar/2020:17:47:33 -0700] "GET /yts/cssbin/player-vflpSimvw/www-player.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.145 - - [20/Mar/2020:17:47:33 -0700] "GET /yts/cssbin/www-home-c4-vfl182B0f.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.145 - - [20/Mar/2020:17:47:33 -0700] "GET /yts/jsbin/www-en_US-vflU7j0hB/base.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.127 - - [20/Mar/2020:19:13:51 -0700] "GET /js/9e8991a.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.127 - - [20/Mar/2020:19:13:51 -0700] "GET /recommender/embed.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.97 - - [20/Mar/2020:19:13:56 -0700] "GET /js/6f711f5.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.97 - - [20/Mar/2020:19:13:56 -0700] "GET /recommender/embed.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [20/Mar/2020:19:14:15 -0700] "GET /css/68cc884.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.191 - - [21/Mar/2020:00:22:23 -0700] "GET /hist.php?g=1351251 HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.97 - - [21/Mar/2020:00:22:27 -0700] "GET /analytics.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [21/Mar/2020:00:22:33 -0700] "GET /fr/recommended/1351251 HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [21/Mar/2020:00:25:31 -0700] "GET /yts/cssbin/www-core-vflRlRixQ.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [21/Mar/2020:00:25:31 -0700] "GET /yts/jsbin/scheduler-vfl3S_KkK/scheduler.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
157.55.39.227 - - [21/Mar/2020:00:25:31 -0700] "GET /yts/jsbin/www-en_US-vfl5amHj-/base.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.97 - - [21/Mar/2020:00:25:35 -0700] "GET /yts/cssbin/player-vflpSimvw/www-player.css HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
207.46.13.97 - - [21/Mar/2020:00:25:35 -0700] "GET /yts/jsbin/player_ias-vflGnuoiU/en_US/base.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
40.77.167.163 - - [21/Mar/2020:00:26:19 -0700] "GET /yts/jsbin/www-pagead-id-vfl_r4ud9/www-pagead-id.js HTTP/1.1" 404 155 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"

This may be the wrong bot thread for this little irritation, but in perusing some stats for my WordPress site today I found this charming tidbit buried deep in big G's page record gullet for my site:

/[my host]_phpmyadmin/mysql.example.com/tbl_structure.php?db=[my custom database name]&token=[alphanumeric string]&table=[my custom table name][an old security plugin abbreviation]_lockouts&pos=0

Appended to https://www.example.com, the page ends up at the login page for my mysql database. The page record itself isn't indexed, thank goodness.

Just a heads up for what our panopticon is hoarding and treasuring in addition to all our children's sexting images.

Really leery about commenting on this thing!
lucy helped with a rewrite (thanks) based upon previously requested directories.
When finally put in place had nineteen (and could have included more).
They ate a handful of 403's and the 'absurd' requests requests have stopped for nearly a week.
Perhaps they were just testing 404's, perhaps msn had some other purpose. Who know's.