I have a question for cloudflare. Does it support Abuse and malicious content ?

There is a website {redacted}

This website is acting as command and control server for a threat campaign. This front end panel is also vulnerable so I was able to get access of database and check all the usernames and passwords.
The Java tomcat server is also vulnerable so I was able to get and extract all source code files of server.
It is communicating on regular basis with victim devices
Its still operational under CLoudflare. I have reported multiple times.

How?

Using Cloudflare report abuse form

In that case you chose the correct way and it is now up to Cloudflare to make a call on whether that constitutes abuse.

This is extremely funny as I can see it is acting as command and control server for mobile devices.
I even provided credentials to them for logging in…
Strange

I am afraid that really is a call Cloudflare’s security team has to make. If you reported it already, then they should be aware of it.

I agree, but this is really strange as these are quick actions to be taken by respective CERTs. Imagine a client not paying the fee on respective time, His account will be BANNED.

THese are immediate decisions unless you are supporting it.

I rather doubt Cloudflare would “support” “it”. More likely the evidence is not enough. Anyhow, the community cannot really do anything here and if you want to pursue that you will have to speak to the abuse team I am afraid.