Saved February 14, 2026
Do you care about this?
This article reveals that 68% of phishing sites are hosted on Cloudflare, exploiting its free services for anonymity. It discusses how attackers are using sophisticated tactics, including Phishing-as-a-Service (PhaaS), to target users and evade detection, making traditional defenses inadequate.
If you do, here's more
Sixty-eight percent of phishing infrastructure is hosted on Cloudflare, which makes the provider a significant player in the modern phishing ecosystem. Research from a cybersecurity intelligence team tracked over 42,000 phishing sites, revealing that attackers exploit Cloudflare's free tier for its robust DDoS protection and obfuscation capabilities. This setup complicates efforts to trace the actual hosts behind phishing sites, as many domains are clustered within Cloudflare's network, particularly on its primary ASN (AS13335).
The research highlights a split in phishing strategies: over half of the malicious sites use disposable infrastructure for quick attacks, while the remainder leverage CDN protections for long-term operations. Traditional IP blocking methods are ineffective against this latter group, which obscures its identity behind Cloudflare. Attackers are also increasingly using reputable top-level domains (.com, .dev, .app) instead of the less credible ones, targeting developers and employing free hosting platforms like GitHub Pages and Vercel to mask their activities.
Phishing-as-a-Service (PhaaS) has emerged as a new model, where complete attack infrastructures are available for subscription. This includes advanced features like MFA bypass, which allows attackers to intercept user credentials without needing passwords. The analysis identified a significant focus on Meta, with over 10,000 phishing attempts aimed at stealing credentials from its platforms. The article underscores the need for more sophisticated defense strategies, including CDN-aware detection and behavioral analysis, as traditional methods become increasingly obsolete in the face of organized, professional phishing operations.
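To make the point about IP blocking concrete, here is an added example (not from the article or the research it summarizes) of CDN-aware indicator triage: resolved addresses that fall inside shared Cloudflare ranges get a domain-level block, while dedicated hosts get an IP block. The range list is a subset of Cloudflare's published IPv4 ranges, and the function names, sample domains and addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Subset of Cloudflare's published IPv4 ranges (snapshot only; a real
# deployment should refresh the list from https://www.cloudflare.com/ips/).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
    "162.158.0.0/15", "198.41.128.0/17", "188.114.96.0/20",
)]

def behind_cdn(ip):
    """True if the address belongs to a shared CDN edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def plan_blocks(indicators):
    """Turn (domain, resolved_ip) pairs into a block plan.

    CDN edge addresses are shared by many unrelated sites, so blocking
    them is both ineffective and collateral-heavy: block the domain.
    Addresses outside the CDN are treated as dedicated hosts: block the IP.
    Unparseable addresses are sent to manual review instead of dropped.
    """
    by_ip = defaultdict(set)
    for domain, ip in indicators:
        by_ip[ip].add(domain.lower().rstrip("."))
    plan = {"block_ip": [], "block_domain": [], "review": []}
    for ip, domains in sorted(by_ip.items()):
        try:
            fronted = behind_cdn(ip)
        except ValueError:
            plan["review"].extend(sorted(domains))
            continue
        if fronted:
            plan["block_domain"].extend(sorted(domains))
        else:
            plan["block_ip"].append(ip)
    plan["block_domain"].sort()
    return plan

# Constructed sample feed (hypothetical domains, illustrative addresses).
SAMPLE = [
    ("login-verify.example", "104.21.5.10"),   # inside 104.16.0.0/13
    ("meta-support.example", "172.67.1.20"),   # inside 172.64.0.0/13
    ("quick-kit.example", "203.0.113.7"),      # documentation range, "disposable" host
    ("quick-kit2.example", "203.0.113.7"),
    ("broken.example", "not-an-ip"),
]

if __name__ == "__main__":
    print(plan_blocks(SAMPLE))
```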