Cloudflare Deanonymization Attack

I am probably just crazy

I was reading articles on how to install Debian NVIDIA drivers using Tor browser

I have my sys-whonix onion circuits open

About 20 cloudflare addresses started showing up all on different circuits. They were based on onions but cloudflare could be connecting to certain servers it is familiar with so it knows 3 of the paths.

I felt like I was being attacked. The address showed up in 20 of the circuits. Whonix kept making more addresses to try to make things less clear. Cloudflare also kept adding addresses. So I would see 20 but some may have closed.

Just cloudflare logging all those ping times seems dangerous. There are many people who think at least some tor nodes are owned by adversaries. If cloudflare has partnered with 20 percent of the tor nodes (this is an idea based on no research or facts), then an attack like this makes it so much more likely for someone to be deanonymized. My threat model isn’t that high but I don’t like this. I hate cloudflare and this seemed like an attack but I don’t have technical knowledge to know.

Am I being paranoid? Is cloudflare attacking me? They could both be true.

You can test this. Please be careful in testing it. This is the website I was looking at:

I was using Tor with the standard settings and the latest version going to sys-whonix with no special settings.