[ransackdev]

You mentioned low income countries. This could be infected devices running ancient unpatched OSes, but what if the traffic is legit, coming from impoverished countries who found your service and use it to teach their children and learn things they'd otherwise not have access to?

Personally I would deep dive the traffic and try to determine the intent behind it, you could be destroying a future generation's potential, and not blocking malware I'm assuming you can correlate the requests from those ips with that they are translating. Odds are someone is hitting your service to translate for their paid service, but if it's an important part of a poor country, I'd find a way to allow it to keep happening

> AFAIK we couldn't see translation requests from them, just loading our website.

Browser homepage? Or maybe the unlucky victim of a "connectivity check/am I online" recurring task