I use nginx reverse proxy but, recently i got some attack from "Censys, Inc." then my modifed 404 page become default nginx 404 page. I use Tengine
From log scan, if u want more logs i can provide u, this thread hunting team is trying all posible vulnerable/ransomware attack on your server
Here some their ip in case u wanna block them with ip subnet
199.45.154.129
206.168.34.63