Lot of phish malware and ddos (booter's) use CF with options WAF=enabled. So tool like urlscan, abuse.ch cannot connect to check for phish or run scan.