[thaumaturgy]

I have no insight into this particular case/incident, but I do have to deal with a lot of http traffic management, and I've lately been seeing Cloudflare IPs show up a lot more often in my logs for probes and nuisances, and not because the traffic is being proxied (or at least, it doesn't have the CF-Connecting-Ip header).

Used for these attacks, dunno, used for some attacks, yes. (But CF still remains a much less frequent nuisance than pretty much any other infrastructure provider.)

[andrewaylett]

One of types of services Cloudflare provides goes by the name "Warp". Calling it a VPN is only wrong in ways that don't really matter — it has the effect of causing client traffic to appear to originate from a different IP address to the one they're notionally connected to the Internet via.