One of my companies had an account on a websites that does transcriptions. Company closed down in 2021, yet a few days ago I casually saw an email informing me some transcriptions were completed, with relative charges. I had to reset the password, and then I logged in the website offering the service, and in fact someone uploaded 5 videos to make transcriptions. I notified the company and asked them the IP addresses from where the uploads have been done. They gave me an IP for each of the videos uploaded:
172.70.147.167
162.158.170.61
162.158.170.39
172.70.188.155
172.70.188.205
I reversed lookup the IPs, and I noticed that they all belong to Cloudflare. It is clear that whoever got in possession of the password intended to anonymise their activity using a gateway. No abuse contact or means to contact privately Cloudflare is present, making it difficult to report this sort of activities… I had no idea Cloudflare could be used as an anonymiser, and that furthermore protects the perpetretors from being even pinged during an attack!
Well, I leave this here, just in case it can help someone.
Roberto