We are trying to shut down a phishing threat actor that is operating out of Russia and abusing the Cloudflare Turnstile service. They use it to check if the click to their website is coming from a human, or in fact security software checking the link. If it determines you are security software, then it redirects you to micorosft.com. If you are a human, you get a well-crafted fake Office 365 login page to harvest your credentials.
Unfortunately, we can’t report via the Cloudflare website’s abuse form, as we need to input the turnstile URL as part of the evidence and I quote from the error generated - Filing an abuse report regarding Cloudflare as a domain is disallowed as it would not be associated with allegedly abusive activity.
Does anyone have advice on how to get hold of a security contact at Cloudflare, so we can try to resolve this?