They claim they will do all this for you if they are (allegedly) proxying malicious content. Source: their abuse form [1], selecting "Phishing & Malware". Did you have bad experiences with this? Might be worth sharing.

[1] https://www.cloudflare.com/abuse/form

I had recently a (b/s)ad experience with them. I am hosting the demo site for my open source image hosting solution (pictshare) behind cloudflare and had the CASM tool (that searches automatically for child pornography) enabled. Felt safe enough but after a while I noticed a TON of traffic.. like gigabytes an hour through cloudflare

Turned out someone uploaded like 1000 child pornography images to the demo site, cloudflare didn't once send me anything or block an image before being uploaded.

I wrote their support and they pointed me to the abuse form you mentioned (which would had reported the content to myself?)

I thought they'd look into their logs and send interpol the uploaders IP addresses but no, they didn't do anything.

In the end I got interpol and the local BKA (Federal Criminal Police Office) and they were so awesome and I prepared excel sheets for them with all ip addresses and log entries of every consumer and uploader.

i used the form and emailed abuse@ (for sites blatantly impersonating relief effort organizations at the onset of covid-19)

all attempts got responses like "cool, but we don't do any of that. please contact google safe-site(tm) beta or something and get it blocked on the browser via that".

Everyone here posting that they replied probably used email from a domain that is an expensive paid customer from them. I used a @gmail one.

Pardon me but I've contacted multiple times Cloudflare and they always shut them down.

https://i.imgur.com/9pUiR4J.png