Spamhouse considers Cloudflare as a privileged botnet-server-hoster.
Cloudflare listed as the number 1 hoster of C&C servers.
https://www.spamhaus.org/news/article/785/spamhaus-botnet-threat-update-q2-2019
polonus
This isn't particularly surprising when you consider just how big Cloudflare is.
As I use uMatrix (and uBlock Origin) in my Firefox browsers, I see just how many sites have connections to Cloudflare.
Though like other hosting services I would be expecting them to be taking positive action to prevent this type of action. I guess we live in different worlds.