rx13 
@da_667 Be sure to include that their abuse reporting has an API now, so send early and often. (Only required scope on the API key is Account->Trust & Safety->Edit
https://developers.cloudflare.com/api/resources/abuse_reports/
nyanbinary@nyanbinary @da_667
Yeah, I've spent the last few days creating a Tracecat pipeline that greps logs for phishing domains coming to our platform (attackers don't get to control browsers, so we always get a nice 'referrer' value from where they're sending customers for phishing)
Now, it parses the last timeblock of logs filtered to domains that aren't our topN, and does a whois/tls cert check against each one, if the whois reg date is <3 months (or their registrar doesn't provide abuse contacts!), and the cert belongs to cloudflare, they get automated takedown requests