While reading our logs I came across several requests that seem to be scanning for vulnerabilities on our web app.

2021-09-25T17:32:44.164858+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 +0000] "GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1" 404 136 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2021-09-25T17:32:44.385438+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 136 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2021-09-25T17:32:44.899962+00:00 heroku[router]: at=info method=GET path="/" fwd="54.39.216.121,172.70.110.92" dyno=web.1 connect=1ms service=273ms status=200 bytes=179371 protocol=https
2021-09-25T17:32:45.150180+00:00 heroku[router]: at=info method=GET path="/xmlrpc.php" fwd="54.39.216.121,172.70.110.66" dyno=web.1 connect=0ms service=2ms status=302 bytes=219 protocol=https
2021-09-25T17:32:45.182297+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:45 +0000] "GET /about/xmlrpc.php HTTP/1.1" 404 136 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

I looked up the IP address 54.39.216.121 but I'm not sure what to make of it. The URLs return JSON.

Do I write an email to abuse@ovh.ca? And what do I write?

whois 54.39.216.121
NetRange:       54.39.0.0 - 54.39.255.255
CIDR:           54.39.0.0/16
NetName:        HO-2
NetHandle:      NET-54-39-0-0-1
Parent:         NET54 (NET-54-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   OVH Hosting, Inc. (HO-2)
RegDate:        2017-10-16
Updated:        2017-10-16
Ref:            https://rdap.arin.net/registry/ip/54.39.0.0

OrgName:        OVH Hosting, Inc.
OrgId:          HO-2
Address:        800-1801 McGill College
City:           Montreal
StateProv:      QC
PostalCode:     H3A 2N4
Country:        CA
RegDate:        2011-06-22
Updated:        2017-01-28
Ref:            https://rdap.arin.net/registry/entity/HO-2

OrgAbuseHandle: ABUSE3956-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-855-684-5463
OrgAbuseEmail:  abuse@ovh.ca
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3956-ARIN

OrgTechHandle:  NOC11876-ARIN
OrgTechName:    NOC
OrgTechPhone:   +1-855-684-5463
OrgTechEmail:   noc@ovh.net
OrgTechRef:     https://rdap.arin.net/registry/entity/NOC11876-ARIN

NetRange:       54.39.216.112 - 54.39.216.127
CIDR:           54.39.216.112/28
NetName:        OVH-CUST-13387652
NetHandle:      NET-54-39-216-112-1
Parent:         HO-2 (NET-54-39-0-0-1)
NetType:        Reassigned
OriginAS:       AS16276
Customer:       StarkVPS (C07465115)
RegDate:        2019-12-01
Updated:        2019-12-01
Ref:            https://rdap.arin.net/registry/ip/54.39.216.112

CustName:       StarkVPS
Address:        Kiefernkamp 1
City:           Norderstedt
StateProv:      
PostalCode:     22844
Country:        DE
RegDate:        2019-12-01
Updated:        2019-12-01
Ref:            https://rdap.arin.net/registry/entity/C07465115

OrgAbuseHandle: ABUSE3956-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-855-684-5463
OrgAbuseEmail:  abuse@ovh.ca
OrgAbuseRef:    https://rdap.arin.net/registry/entity/ABUSE3956-ARIN

OrgTechHandle:  NOC11876-ARIN
OrgTechName:    NOC
OrgTechPhone:   +1-855-684-5463
OrgTechEmail:   noc@ovh.net
OrgTechRef:     https://rdap.arin.net/registry/entity/NOC11876-ARIN

dotnetCarpenter
  • Any publicly accessible server will see thousands of these daily. It's not worth the reporting effort; ignore and continue on with life. – ceejayoz Sep 25 '21 at 18:30
  • I would contact OVH. The mini allocation looks dodgy. There are people/companies out there that fraudulently carve out allocations from existing netblocks. Not saying that is what happened here. – Greg Askew Sep 25 '21 at 20:46
  • Since the majority advice is to let it go, I think that is what I'll do. It would be interesting to collect those requests with the IP address and whois object at the time, for educational purposes. @GregAskew I'm not sure what to write to OVH. "You sold 15 IP addresses and they are probing our hosted web server"? – dotnetCarpenter Sep 27 '21 at 10:25
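An added example, not code from the question or its commenters: a small Python script that parses both line formats in the excerpt above (app[web.1] access lines and heroku[router] lines), attributes each request to the client address rather than the proxy hop, counts WordPress-path probes per source on a site that does not run WordPress, and renders the evidence block an abuse desk would ask for. The embedded sample log is constructed from the page's lines plus one made-up benign visitor (203.0.113.7); the /wp-admin/ and /wp-login.php markers are assumptions beyond the two paths actually seen on the page.

```python
import re
from collections import defaultdict
# Constructed sample in the question's two formats (app[web.1] and heroku[router] lines);
# 203.0.113.7 is a made-up benign visitor added for contrast.
SAMPLE_LOG = """\
2021-09-25T17:32:44.164858+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 +0000] "GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1" 404 136 "-" "Mozilla/5.0"
2021-09-25T17:32:44.385438+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:44 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 136 "-" "Mozilla/5.0"
2021-09-25T17:32:44.899962+00:00 heroku[router]: at=info method=GET path="/" fwd="54.39.216.121,172.70.110.92" dyno=web.1 connect=1ms service=273ms status=200 bytes=179371 protocol=https
2021-09-25T17:32:45.150180+00:00 heroku[router]: at=info method=GET path="/xmlrpc.php" fwd="54.39.216.121,172.70.110.66" dyno=web.1 connect=0ms service=2ms status=302 bytes=219 protocol=https
2021-09-25T17:32:45.182297+00:00 app[web.1]: 54.39.216.121 - - [25/Sep/2021:17:32:45 +0000] "GET /about/xmlrpc.php HTTP/1.1" 404 136 "-" "Mozilla/5.0"
2021-09-25T17:40:01.000000+00:00 app[web.1]: 203.0.113.7 - - [25/Sep/2021:17:40:01 +0000] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""
# WordPress probe markers: /wp-includes/ and xmlrpc.php are on the page, the other two are assumed.
WP_MARKERS = ("/wp-includes/", "/wp-admin/", "/wp-login.php", "xmlrpc.php")
# app lines carry a combined-log-format entry after the dyno prefix.
APP_RE = re.compile(r'^(?P<ts>\S+) app\[[^\]]+\]: (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# router lines carry the X-Forwarded-For chain in fwd=; leftmost is the client, the rest are proxies.
ROUTER_RE = re.compile(r'^(?P<ts>\S+) heroku\[router\]: .*?method=(?P<method>\S+) '
                       r'path="(?P<path>[^"]*)" fwd="(?P<fwd>[^"]*)".*?status=(?P<status>\d{3})')

def parse_line(line):
    """Return {ts, ip, method, path, status} for either format, or None if unrecognised."""
    m = APP_RE.match(line) or ROUTER_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    if "fwd" in rec:  # router line: keep the client address, drop the CDN/proxy hops
        rec["ip"] = rec.pop("fwd").split(",")[0].strip()
    rec["status"] = int(rec["status"])
    return rec

def summarize(log_text):
    """Per-IP request total, number of WordPress-probe requests, and those hits in order."""
    per_ip = defaultdict(lambda: {"total": 0, "probes": 0, "hits": []})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        s = per_ip[rec["ip"]]
        s["total"] += 1
        if any(marker in rec["path"] for marker in WP_MARKERS):
            s["probes"] += 1
            s["hits"].append(f'{rec["ts"]} {rec["method"]} {rec["path"]} -> {rec["status"]}')
    return dict(per_ip)

def flag_scanners(log_text, min_probes=3):
    """IPs that requested at least min_probes WordPress paths on a site that is not WordPress."""
    return sorted(ip for ip, s in summarize(log_text).items() if s["probes"] >= min_probes)
def abuse_report(log_text, ip):
    """Evidence block for one IP: UTC timestamp, method, path and status per probe request."""
    s = summarize(log_text)[ip]
    head = f"{ip}: {s['probes']} of {s['total']} requests were WordPress probes against a non-WordPress site"
    return "\n".join([head] + ["  " + h for h in s["hits"]])
```

The threshold in flag_scanners is deliberately more than one hit, since a single 404 on a WordPress path is noise; a burst of them from one address within a second, as in the excerpt, is what distinguishes a scanner from a stray link.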
