[dsl]

The internet worked for so long because people responsible for each little island did what was for the most part in the best interests of the rest of the islands. If you didn't, other islands would shut off their links to you. Law enforcement was a last resort because 1. the courts don't move at the speed of the internet and 2. nobody wanted the internet getting top down governmental regulation because it was trans-national.

Cloudflare spent a bunch of venture capital to give away expensive things for free and buy market share. If you convince all the grocery stores to move to your island, you can operate a den of criminal activity with no fear of everyone else shunning you.

Talk to anyone who fights botnets, malware, or online scams. Once you hit the Cloudflare dead end you just have to give up. Law enforcement isn't going to take up a case where only 7,000 peoples computers are infected, and Cloudflare isn't going to investigate and take action themselves.

[peanut-walrus]

I do fight botnets, malware and scams. Criminals flock to any service where they can spread their stuff and appear legitimate. Google, Facebook, Vercel, Netlify, Amazon, Oracle, Microsoft, OVH, etc. In my experience, Cloudflare is not any more or less of a dead end than any of the other providers, there are some others in that list who deserve being called out a lot more.

[Sebguer]

Yes, Cloudflare has always been really shitty and automated at responding to abuse reports, and because they are the front-end connection, it is impossible to pursue the report against the 'real' host unless Cloudflare is willing to provide you with information about where that host is: which they won't typically do, even if you are a fellow infrastructure provider. It's been several years, so maybe they have gotten better, but I would be surprised.