By spamming your server with requests to fetch meta-data from a third-party domain, the attacker overwhelm that website while hiding behind your web server.