Just letting this pdf here about security of Seedboxes: https://media.defcon.org/DEF CON 31/DEF CON 31 presentations/Anon - Mass Owning of Seedboxes - A Live Hacking Exhibition.pdf

I could see the real source IPs for all other users in last logs.

Accessing their web interfaces shouldn’t be a risk, as you’ve already paid them and thus left a paper trail. But the point about accessing the IPs from the last ssh (or sftp) logins might be worth using a VPN for. If another user is able to get them law enforcement could too (not that it’s likely).