It's traffic analysis. They know when something 'subversive' gets posted, they can filter out who was connecting to the site at that time, get a list of suspects. Obviously 99% of the traffic is coming from mobiles which have great metadata tagging already, also geolocation. Cafe wifi you can use from across the road, in a busy place etc, much harder.
Does Warp actually hit the CF Bangkok endpoint when in Thailand? Is local regulation affecting Warp rollout location wide? This would circumvent the licensed international gateways as I imagine Cloudflare is backhauling this traffic to Singapore fine as a CDN edge but as ingest for VPN traffic sounds risky... Can you check? I bet your hitting the Cloudflare SGP cluster instead so still leaving Thailand via True/CAT/AIS/TOT/3BBJastel.