As for internet service providers not pulling the plug on websites, since they're basically infrastructure/utility --
https://www.cnn.com/2022/09/04/tech/cloudfare-blocked/index.html
While they are saying this is an "unprecedented emergency and immediate threat to human life," as people seem to be harassing some "Canadian trans woman[sic]", we're only a couple steps and a fαℓѕє fℓαg attack [say, the murder of a sodomite] before any sites that express disapproval of sodomy or other such aberrations are shut down as [somewhat less than] immediate threat to human life.
Cloudflare is a service though. They stand in between websites and customers, basically masking the REAL location of a website, so Denial-of-Service attacks can't reach the actual website target. It functions like a shield of sorts.
Basically I would point CathInfo to "Cloudflare", and that's the only IP address you'd ever see. You physically couldn't see the IP address where CathInfo REALLY resides; only Cloudflare would know this. They would stand out in front of CathInfo and block any Denial of Service attacks.
That's my understanding of what Cloudflare does. They might offer other services too, but nothing you can't get elsewhere.
Basically, the common wisdom is that once you reach a certain size, or a certain prominence/importance, you NEED services like Cloudflare to protect you or you WILL fall victim (collapse because of) DoS and DDoS attacks.