The problem with such a situation is that you have no idea of the origin IP address, as all the requests look like they are coming from your VPS. Did you find a way to restore origin IP in your logs?
If you're all set up on Debian, I don't see the advantage of switching to another flavor of Debian, unless you have a low-powered machine (low specs, not much RAM).
DietPi is in fact Debian, with extra scripts to install/remove software. They also thinned it way down, so you get a working system with the bare essentials.
Do you use an external DNS when accessing your subdomain? I can only guess that it's the DNS leaking it.