Hello ,
Its clear that there is a malware or virus planted at your server , now a days hackers planted crypto mining malware to use your server to mine crypto for them
any way blacklisting list of suspicious IP's in htaccess is not enough at all , as ip address is the most easiest thing to be changed and any hacker can bypass it , You need to configure a security system for your server , which can detect the virus , malware by its activity , not by its ip address
also you need to configure A WAF for your server
looking forward to hear from you
mohammad