I have noticed that some Empire framework C&C traffic makes use of Cloudflare network IPs.
For example, the domain ceeskophishingcampaignapt1337[.]com, which is used for C&C, as in one of the
automated scans performed on an Empire PowerShell script: https://tria.ge/201014-d72rhy53ex/behavioral1#network, makes use of Cloudflare IPs.
There should be restrictions on this kind of malicious usage in Cloudflare reverse proxies.
Why are there no restrictions/blocking for cases like this?
Is it even possible to block this kind of usage?