The script was not using Cloudlfare to grab the IP, it was using iptools website. Plus, it doesn’t even need to be malicious - it can simply hive you the wrong IP. I know this because I ran a script querying 40 different sites which provided the IP address, and I found at least 4 of them giving incorrect IP addresses over the course of 24 hours. This is why you shouldn’t trust any single source, but compare multiple different sources and THEN update cloudflare with the IP. You see?