Very odd, I would contact hetzner to understand how and why Cloudflare CDN range is hitting your webserver then as Cloudflare ranges shouldnt be hitting your server at all if you are not using them.
Unless you inherited somebodies IP address that has forgotten to remove their A records? Might be useful to prepend the hostname to the nginx logs so you can see if they are requesting a resource on your server that doesnt exists.
example nginx config:
log_format main '$server_name $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
# Logging
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
but I know the access_log for you might be different
even thought the hostname might not show as $server_name as depending on your nginx configuration it could be hitting the last in chain.
Edit: I just did so OSINT on the ip address I can see that a domain did have your IP address before so maybe they were using cloudflare and they have forgotten to disable their A record that is being proxied by cloudflare OR this hetzner instance is being used by multiple people but this would just be very odd as you are getting the logs for all requests so this is probably not the case.
Edit edit: Just did a lookup on their domain and they are using cloudflare, I dont want to leak the domain but are you pointing two different domains towards this IP?