Based on these HTTPS requests what type of attack is this?

Çağlar Arlı      -    9 Views

I'm seeing over 1000 attempts to hit my API endpoints with many 500 responses. It seems clear that the would-be attacker is attempting to poke around the APIs, but it isn't clear to me what type of attack they're attempting. Hoping someone here can identify this.

Many of the requests include a random string in a handful of locations, e.g. zcexystba7:

  • The Origin header is set to https://zcexystba7.com
  • The user agent is set to Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0 zcexystba7
  • The Accept header includes text/zcexystba7
  • The Accept-Encoding header includes zcexystba7
  • A GET request URL parameter includes zcexystba7=1

Sometimes only a subset of these exist with the random string. The string varies in length, e.g. yg6x1 is another example. Almost all of the requests include the random GET request parameter.

My first thought was maybe a BREACH attack, but the random string used in each request doesn't look like anything secret to me. I don't think that's it.

The timing of the requests indicates that the attacker is using a tool/script (e.g. 20 requests in 1.5 seconds).

Any ideas what the attacker may be attempting to accomplish?
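
Added example, not part of the original post: one way to pick these requests out of a log is to flag any request where the same unknown token appears in two or more of the locations listed in the question (Origin host, trailing User-Agent word, Accept subtype, Accept-Encoding entry, query parameter name). The token pattern, the request dictionary layout and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TOKEN_RE = re.compile(r"^[a-z0-9]{4,16}$")  # assumed shape of the random string

def token_locations(req):
    """Return {token: set of request locations where it appears}."""
    h = {k.lower(): v for k, v in req["headers"].items()}
    seen = {}
    def note(tok, where):
        if TOKEN_RE.match(tok):
            seen.setdefault(tok, set()).add(where)
    for name, _ in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True):
        note(name, "query")                         # ?zcexystba7=1
    host = urlsplit(h.get("origin", "")).hostname or ""
    note(host.split(".")[0], "origin")              # https://zcexystba7.com
    ua_words = h.get("user-agent", "").split()
    if ua_words:
        note(ua_words[-1], "user-agent")            # token appended to the UA
    for item in h.get("accept", "").split(","):
        media = item.split(";")[0].strip()
        if "/" in media:
            note(media.split("/", 1)[1], "accept")  # text/zcexystba7
    for item in h.get("accept-encoding", "").split(","):
        note(item.split(";")[0].strip(), "accept-encoding")
    return seen

def flag_requests(requests, min_locations=2):
    """List (index, token, locations) where one token spans several locations."""
    hits = []
    for i, req in enumerate(requests):
        for tok, where in token_locations(req).items():
            if len(where) >= min_locations:
                hits.append((i, tok, sorted(where)))
    return hits

UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0"
# Constructed sample requests (not taken from real logs).
SAMPLE = [
    {"url": "/api/items?zcexystba7=1", "headers": {
        "Origin": "https://zcexystba7.com", "User-Agent": UA + " zcexystba7",
        "Accept": "text/html,text/zcexystba7", "Accept-Encoding": "gzip, zcexystba7"}},
    {"url": "/api/items?yg6x1=1", "headers": {
        "User-Agent": UA, "Accept": "*/*", "Accept-Encoding": "gzip, deflate, yg6x1"}},
    {"url": "/api/items?page=2", "headers": {
        "Origin": "https://app.example.test", "User-Agent": UA,
        "Accept": "application/json", "Accept-Encoding": "gzip, deflate"}},
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print(hit)
```

Requests carrying the token in only one location (for example, only the query parameter) are not flagged at the default threshold; lowering `min_locations` to 1 would also match ordinary parameter names.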