I ran an external malware scan on one of my sites and it returned the below code as malicious and a search turned up this website listing CF as the owner:

list of bot bait sites owned&operated by cloudflare

[[<div style="position: absolute; top: -250px; left: -250px;"><a href="**https://grandrapidsaftermath.com**/difference.php?yr=0">table</a></div>  <div id="no-cookie-warning" class="cookie-warning" data-translate="turn_on_cookies" style="display:none">  <p data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies and reload the page.</p>  </div>  <p data-translate="process_is_automatic">This process is automatic. Your browser will redirect to your requested content shortly.</p>  <p data-translate="allow_5_secs" id="cf-spinner-allow-5-secs" >Please allow up to 5 seconds%26hellip;</p>  <p data-translate="redirecting" id="cf-spinner-redirecting" style="display:none">Redirecting%26hellip;</p>  </div>   <form class="challenge-form" id="challenge-form" action="/013a86b73881c6ae4097cc9fe07cdf12?__cf_chl_f_tk=Je4AFzKWA7Hma6wKgMsmnFXPqIWcbExPuWnioT8BWDg-1652191459-0-gaNycGzNByU" method="POST" enctype="applicatio

“owned and operated” is incorrect - Cloudflare is a CDN that has a free tier and you’d see that page on millions upon millions of websites.

https://www.cloudflare.com/abuse/form is where you can report sites hosting malicious content.

Thanks @KianNH

I hit that site searching; but …

After spending days recreating the site on two other domains and not finding any malicious files after malware scans, downloading backups to my local machine and comparing all the files and finding no difference or any suspicious files, using other online scanners as well as internal and coming up clean, I emailed the developer and:

Got an Apology! My site was clean.

I need a massage, a hot tub and a large drink.