They also do a lot of things to identify discrete real users - I asked because normally it’s not as simple as a NAT triggering this, especially once people establish reputation within a session. I’ve had multiple times where someone reported that as a problem for our sites and then investigated and found that they did have a system with malware, or a browser extension changing their behavior enough to look like a bot.