@da_667 Be sure to include that their abuse reporting has an API now, so send early and often. (Only required scope on the API key is Account->Trust & Safety->Edit)

https://developers.cloudflare.com/api/resources/abuse_reports/

@rx13 @da_667 holy moly time to integrate this
@rx13 @da_667 ...oh we are 100% baking that into some response scripts

@rx13 @da_667 ...checks docs

email: string
A valid email of the abuse reporter. This field may be released by Cloudflare to third parties such as the Lumen Database (https://lumendatabase.org/).

email2: string
Should match the value provided in email

Lol

@nyanbinary @da_667 Yeah, they legitimately just took what you have to manually input in their HTTP form and ported it to the API. I assume they just have a little JavaScript worker on the backend that does JSON -> x-www-form-urlencoded to their preexisting form-based endpoints

@nyanbinary @da_667
Yeah, I've spent the last few days creating a Tracecat pipeline that greps logs for phishing domains coming to our platform (attackers don't get to control browsers, so we always get a nice 'referrer' value from where they're sending customers for phishing)

Now, it parses the last timeblock of logs filtered to domains that aren't our topN, and does a whois/TLS cert check against each one. If the whois reg date is <3 months (or their registrar doesn't provide abuse contacts!), and the cert belongs to Cloudflare, they get automated takedown requests
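
The filter described in the post above, sketched as an added example (not the poster's Tracecat pipeline and not code from this thread). The WHOIS and TLS results are constructed stand-ins for live lookups, and `TOP_N`, the 90-day cutoff and the `cloudflare_cert` flag are assumptions made for illustration.

```python
from datetime import date, timedelta
from urllib.parse import urlsplit

MAX_AGE = timedelta(days=90)  # assumption: "<3 months" taken as 90 days
TOP_N = {"www.google.com", "app.example.com"}  # assumed list of usual referrers
SAMPLE_TODAY = date(2025, 6, 1)  # fixed so the sample output is reproducible

# Constructed Referer header values from one time block of logs.
SAMPLE_REFERERS = [
    "https://www.google.com/search?q=example+login",
    "https://app.example.com/dashboard",
    "https://Secure-Login.example-verify.test:8443/session",
    "http://old-blog.test/links", "https://no-contact.test/",
    "https://fresh-elsewhere.test/", "-", "",
]

# Constructed lookup results keyed by hostname:
# (registration date, registrar abuse contact, cert judged to be Cloudflare's).
ENRICHMENT = {
    "secure-login.example-verify.test": (date(2025, 5, 1), "abuse@registrar.test", True),
    "old-blog.test": (date(2012, 3, 9), "abuse@registrar.test", True),
    "no-contact.test": (date(2019, 1, 1), None, True),
    "fresh-elsewhere.test": (date(2025, 5, 20), None, False),
}

def referer_hosts(referers, top_n=TOP_N):
    """Hostnames seen in Referer values, minus the usual referrers."""
    hosts = set()
    for value in referers:
        try:
            host = urlsplit(value).hostname  # lowercased, port stripped
        except ValueError:  # malformed value, e.g. broken IPv6 brackets
            continue
        if host and host not in top_n:
            hosts.add(host)
    return hosts

def takedown_candidates(referers, enrichment, today):
    """Apply the rule: (young domain OR no abuse contact) AND Cloudflare cert."""
    out = {}
    for host in sorted(referer_hosts(referers)):
        if host not in enrichment:
            continue  # no lookup data: leave for manual review
        registered, abuse_contact, cloudflare_cert = enrichment[host]
        reasons = []
        if today - registered < MAX_AGE:
            reasons.append("registered <3 months ago")
        if not abuse_contact:
            reasons.append("registrar lists no abuse contact")
        if cloudflare_cert and reasons:
            out[host] = reasons
    return out

if __name__ == "__main__":
    print(takedown_candidates(SAMPLE_REFERERS, ENRICHMENT, SAMPLE_TODAY))
```

The sketch keys on the full hostname; a real pipeline would normally reduce it to the registrable domain before the WHOIS lookup.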