In the past, I used the following website ("http://www.crimeflare.cc:82/cfs.html") with some success when discovering the original IP address of a website. This does not help if the website has always been behind CloudFlare and has never had a DNS record with an IP other than Cloud Flare.
When the above fails, you need to rethink your tactics. An easy trick is to send an email to the website in question, send something that the owner / operator of the website also wants to answer. Now, this trick requires you to run your own email server, or at least have access to the SMTP records. Once you receive a reply, the SMTP e-mail records must show an IP from the original e-mail server. The vast majority of the time, outgoing emails will not be passed through a filter, but will be sent directly from the server. The IP of the email server will in many cases also be the IP of the websites, or within the same IP range. You can then use the "whois" information on the IP of the email servers to find where and who is hosting the server. You can then file a report of abuse with that company. Most companies will tell you if the site is not hosted with them if their results are not correct.
In addition, public DNS records for incoming mail, in many cases have Cloud Flare as an email gateway for incoming mails. This is the reason why I would need to go after the outgoing email.
I hope you help.