That said, with Hetzner I've had the trademark complaints as well, but they've always given us 24h, and were always okay with us saying that our usage (e.g. showing a logo of a shop next to their review) was fair use.
I have an email from them forwarded by a third party reporting phishing on a CF-DNS-hosted site where Cloudflare denied they had any responsibility whatsoever as “they host no content”.
Of course, it requires a subpoena to discover who DOES host the content, as they are the only ones who know.
They do it for lots of right reasons, I'm sure, but they also do it based on simple claims. While I thought that's a great way to hurt any site if such a claim is all it takes, I haven't experimented with it, so I don't know if you have to make it a legalese thing, or if they do some automated checks. But once you get a site flagged, it'll probably stay so, unless they have some very good connections to CF.
They will forward any complaints also to the hosting company of the origin, but if you're not in luck, the site will be hosted at a questionable company that has no trouble hosting phishing sites. Hetzner for example did quickly react and requested comments from us under threat of shutting down the server. They were happy with our response and their own checks however.
Still, I agree that they should have a way of de-anonymizing who is behind a site, their business is in protecting against technical attacks, not protecting against the law.
By contrast, this is the email that a MAANG company received recently regarding a site being reported for phishing one of their login sites:
So I guess they are somewhat arbitrary in their phishing actions.