Of 44,797 CDN-served domains on the April 2019 Roskomnadzor blocklist, 99.6% (44,615) were hosted on Cloudflare—attributable to Cloudflare's free tier with minimal vetting enabling rapid mirror-domain creation by blocked operators; the blocklist also contained 1,769 responsive circumvention-related domains, confirming that circumvention infrastructure is an active and documented blocklist target.
From 2020-ramesh-decentralized — Decentralized Control: A Case Study of Russia
· §V-B, Table III–IV
· 2020
· Network and Distributed System Security
Implications
Circumvention tool domains and mirrors hosted on Cloudflare are high-priority, easily discovered blocklist targets; operators must maintain rapid domain rotation and should not treat Cloudflare hosting as protective cover.
CDN-based domain fronting through Cloudflare is strategically fragile in Russia, as Cloudflare IPs already appear heavily on the blocklist and collateral blocking of CDN space is a documented Russian tactic.