Cloudflare's abuse form will not let you submit the report if you don't include a URL that currently points to their network. There're no options for phishing / scam domains for which they're the registrar and/or DNS hosting.
I haven't tested the form, but they do claim you can report abuse of the registrar with some of the options, perhaps they've changed it?
Failing that:
> If Cloudflare is listed as the registrar on an ICANN WHOIS listing, you also can email reports related to our registrar services to registrar-abuse@cloudflare.com
Extracting from the page
> Which category of abuse to select > Phishing & Malware
https://www.cloudflare.com/trust-hub/reporting-abuse/