Hacking done using cloudflare as gateway?

One of my companies had an account on a websites that does transcriptions. Company closed down in 2021, yet a few days ago I casually saw an email informing me some transcriptions were completed, with relative charges. I had to reset the password, and then I logged in the website offering the service, and in fact someone uploaded 5 videos to make transcriptions. I notified the company and asked them the IP addresses from where the uploads have been done. They gave me an IP for each of the videos uploaded:

I reversed lookup the IPs, and I noticed that they all belong to Cloudflare. It is clear that whoever got in possession of the password intended to anonymise their activity using a gateway. No abuse contact or means to contact privately Cloudflare is present, making it difficult to report this sort of activities… I had no idea Cloudflare could be used as an anonymiser, and that furthermore protects the perpetretors from being even pinged during an attack!

Well, I leave this here, just in case it can help someone.


Well, it makes sense as the bad guys can buy (or hijack) a Cloudflare WARP/Teams account. I hope CF subnets won’t end up in all sorts of abuse lists like AWS Workspaces or Microsoft Windows365.