Is it because the s in iot stands for security? I'm asking genuinely. Where are these requests coming from?

I would put it down to 4 things:

- the internet's a lot bigger nowadays

- there are a lot of crappily secured iot devices

- the average household internet connection has gotten a lot faster, especially on upload bandwidth.

- there's a pile of amplification techniques which can multiply the bandwidth of an attack by using poorly-configured services.

Search for “residential proxy”.

This seems like a synonym for botnet.

Also a good synonym for "anonymized and deceiving army of AI crawlers circumventing controls for their own benefit".

What is cheap and what are the risks of getting caught? I can understand that for a 15 yo it might be for the lulz, but I am having a hard time to imagine that this would give street creds, and why be persistent about it. AI-bots would make more sense, but these can be dealt with.