I just want to mention, Cloudflare is ineffective if the hackers know the IPs of hashnest's name servers. They need to get completely new hosting and then immediately get cloudflare right after that.
That is not correct. After setting up Cloudflare you simply set the existing servers to automatically reject every connection attempt except those going through cloudflare...
Then why is the site still down? If it was that simple should we not have full access back by now? I don't know all the details of how cloudflare works and I know it's complex, but I've seen another website before get hacked and they couldn't prevent the DDos attacks (even with cloudflare) until they acquired new hosting.