Geez, these things are still occurring? I've seen a fair number recently (on Frontier in the US), targeting typical third-party caching servers (e.g. Cloudflare, Google). I'm not affected (no session, as I don't use them), but some might be. I figured RPF would have wiped this sort of thing out by now.
Possibly a minor reason to run your own caching server, and specifically not use the common third-party caching servers?
Edit: As numbers games go, it's a really slim one for anyone reading this forum. But hey.