CF doesn't care about that. They'll even continue to protect ddos-for-hire sites even after being reported on to Cloudflare abuse. All the ones mentioned in bold here for example were ALL protected from floods by Cloudflare:
Cloudflare is supposed to support free-speech not support those who oppose it. This example isn't just pure happenstance either, it's simply a common trend. The kids running panels use Cloudflare too and even brag about having "unhittable" servers.
More have been reported on for years with no action from Cloudflare. And when set up properly the only other option is to try to report abuse to the domain registrar, which sometimes works, but when it doesn't you're SoL, left in a catch-22 where both CF and the registrar essentially say "We are not responsible for what hosts allow on their networks."
Ironically you can't find the host when neither gives it up if the site owner has everything set up properly, and it won't even show on dnstrails. There are exceptions where things like info leaks might still give the info away, but then you'd be in potentially illegal territory yourself.
So unless you are the FBI or something to show up with a warrant you aren't getting help. Most game server vps renters don't take actual monetary damage or threats so nothing happens despite being victims consistently. There's an exception of some agent up in Alaska that helps or did at times but he was helping people facing threats too iirc.
I get Cloudflare not automatically dropping the ddos-for-hire protection before being reported on, but after reports there is no ethical excuse specifically for this imo. They even have some abuse team looking through reports, so this is indeed by choice. Protecting them allows them to build an actual brand, since as competition with each other they'd attack each other once they become known enough. The sort of brands kids in games share with each other to cheat or just ruin someone's game or worse, like the ones mentioned in bold.