There are several unrelatd topics here, but:
Yes, the IP never is safe from attackers. Neither is the domain name is your scenario.
First, Cloudflares DNS might support some encrypted transfer, but this won't happen if the client doesn't use it. Making a normal old DNS request is still unencrypted, so a sniffing something can see what domains you're visiting.
Then, even if it was encrypted, the whole point of DNS is to transform a domain name to a numeric IP address. This IP is then used to request the content of the website itself. Anything on the way there (your ISP, some other commercial internet nodes, the websites hoster, etc.) can see the target IP (and yours too).
And the content of the request will also contain the domain again, because there might be several different domains on one IP. This is true for both HTTP and HTTPS, and both times it is not encrypted. There are some plans for HTTPS to make encryption of this part possible, but right now it is plaintext.