I got another mail from Hetzner on Dec 10, telling me that the BSI told them my web site was having serious security problems with Next.JS. Not having high opinions on the BSI, I first thought this was some very elaborate scam attack but no, it turns out it was legit and also Umamis inbuilt Next.JS for me. But apparently there was no crypto miner or other active abuse yet.