I can understand your frustration with background internet noise, but please note Cloudflare is not known for broadcasting their customers' names to the first abuse report with a pcap of a TCP handshake.
There may be more realistic ways to go about protecting people's SSH servers that trying to dox Cloudflare VPN users.
I can‘t understand it. There doesn‘t appear to be any downside or even abuse happening. The fact OP expects a company to explain who and why a customer of theirs did a legal non abusive act is just an outstanding level of entitlement.
I assumed OP wants to know the identity of the Cloudflare users scanning their SSH ports.
I think OP guessed it was probably not Cloudflare themselves scanning their ports, so I think that's what they meant by "hear who and why".
Maybe dox is too strong a word. My point is, from what I've heard, the general sentiment is that you're unlikely to get any information about customers just by sending abuse reports to Cloudflare.
There may be more realistic ways to go about protecting people's SSH servers that trying to dox Cloudflare VPN users.