[ransackdev]

> rolled out an update to hundreds of thousands of millions of devices with simply emailing me if that's ok.

If it's malware, they don't care if it's ok, they are malware authors. Contact your hosting provider which 100% has the ability to offload traffic from malware and ddos. They are responsible for the network and will not want malicious traffic anywhere on it, esp if it's tying up bandwidth for paying customers or premium bandwidth. If it was a large amount of bandwidth they would have contacted you long before you contacted them. I'd still reach out, they will move on it quick if it's an issue, and at the least can examine the traffic to determine if it's bad or not.

Cloudflare won't do much good here no? The requests still have to proxy back to your origin servers to spit back the ip. You can't utilize any caching on cloudflare due to the unique ip of each client. Their ddos prevention might not help because these are clients each with their own unique ip address, which is probably a cellular provider's ip space and not bad traffic. If it's the volume of clients hitting you, and not the volume of requests they make, it wouldn't trip cloudflare, or they'd be blocking major cellular address space across their entire network (which is a large portion of the internet these days)