I had domain1.tld and domain2.tld with Cloudflare from some years. Then I decided not to use them and deleted from CF console, but their phil/olga ns remained at my registrar.
Recently I decided to use them again, and found out that they resolve to some russian IP on adult sites, despite the fact that my root domains doesn’t contain any file, .htaccess clean.
An interrogation on 18.104.22.168 said that my domains have Cloudflare NS (dina/hugh), resolved to said russian IP.
Reentered now these domains in my CF console with my correct IP, and now they resolve ok.
However, how was that even possible? Can someone “steal” somebody else’s domains in that manner? How can this be prevented?