If you landed on the XboxAchievements page for Endless Legend 2 and were greeted with the message “The owner of this website has banned your IP address (104.196.9.116),” you are seeing a deliberate server-side block rather than a transient site outage—and there are concrete steps, implications, and alternatives to understand before attempting any workaround.
Cloudflare and other web security/CDN services sit between millions of websites and their visitors. When a site running a security layer (for example Cloudflare, Wordfence, or similar Web Application Firewalls) decides an IP, ASN, browser signature, or whole country is suspicious or abusive, it can return a block page that looks exactly like the one you reported. Cloudflare’s own documentation groups these messages as 1xxx errors such as Error 1006 (“Access Denied — Your IP address has been banned”) or related rate-limit messages, and explicitly states that when a site owner blocks an IP the service cannot override the site owner’s settings—only the site operator can remove that block.
The exact line shown (“The owner of this website has banned your IP address (104.196.9.116)”) is a standard presentation for a site-level block. It is not an automatic browser error; it’s the site (or the site’s security front-end) telling you your client IP was denied access.
Most blocks are resolvable: they stem from well-meaning (if sometimes heavy-handed) security rules. The recommended path is to collect the block details, verify whether the block is IP-specific by testing other networks, use alternative achievement sources such as the official Xbox app, TrueAchievements, or Exophase for immediate needs, and engage the site owner with the captured evidence so they can investigate and, if appropriate, lift or refine the block. Cloudflare and WAF providers will not unilaterally remove a customer’s security rule, so the site operator’s cooperation is the central step in remediation.
If you want, provide the exact screenshot and RayID from the xboxachievements block page (and confirm whether you can load the page from a cellular connection). With those details it’s possible to prepare a precise support message you can send to the site admin or advise on the safest temporary workarounds to reach the achievement list for Endless Legend 2.
Source: Xbox Achievements Endless Legend 2 Achievements
Cloudflare and other web security/CDN services sit between millions of websites and their visitors. When a site running a security layer (for example Cloudflare, Wordfence, or similar Web Application Firewalls) decides an IP, ASN, browser signature, or whole country is suspicious or abusive, it can return a block page that looks exactly like the one you reported. Cloudflare’s own documentation groups these messages as 1xxx errors such as Error 1006 (“Access Denied — Your IP address has been banned”) or related rate-limit messages, and explicitly states that when a site owner blocks an IP the service cannot override the site owner’s settings—only the site operator can remove that block. The exact line shown (“The owner of this website has banned your IP address (104.196.9.116)”) is a standard presentation for a site-level block. It is not an automatic browser error; it’s the site (or the site’s security front-end) telling you your client IP was denied access.
What likely happened (technical causes)
Several different, routine security or configuration choices can produce the same block page. The most common:- IP or ASN ban: The site owner added your IP, or the whole network range (ASN), to an IP Access Rule or firewall block list. That often happens when a blocklist entry shows suspicious activity from that address range. Cloudflare explicitly documents this behavior.
- Rate limits triggered: If the site detected many requests coming from your IP in a short window (scraper, bot, or heavy fetch) it may have triggered a rate-limit rule and returned an Error 1015 or similar message indicating the requests exceeded the allowed rate. Rate-limit protections are a frequent cause when scraping or automated tooling is involved.
- Browser or fingerprint block: Some security features block based on browser signature or header anomalies (user agent, missing headers, headless browser patterns). Cloudflare items such as Error 1010 show that blocking by browser signature is possible and site owners can tune that.
- Country or region block: A site may restrict entire countries; Cloudflare’s Error 1009 covers that scenario.
- Third-party plugin or WAF (e.g., Wordfence): WordPress security plugins and firewalls often implement their own block pages and rules that can appear identical to CDN blocks. Those plugins will block IPs for suspicious requests or because of a shared IP being flagged elsewhere. Wordfence documentation explains how visitors can see a block page and why legitimate users sometimes get trapped.
Quick verification you can do right now
- Try the site from a different network immediately (cellular/data tethering or a different Wi‑Fi). If the page loads from another network, the block is IP-specific and not a full site outage.
- Use a different browser or an incognito window. If a browser signature block is in play, this can help rule it in or out.
- Save the block page screenshot including any RayID or error code shown—site owners and Cloudflare logs will often need that exact RayID to find the reason for the block.
- Perform a WHOIS or IP lookup on the blocked IP (104.196.9.116). That specific IP sits in the Google Cloud netblock (104.196.0.0/14), which indicates the request originated from a Google Cloud address or a service using Google-hosted infrastructure. That fact can be relevant if the site owner blocks entire cloud provider ranges or specific hosting provider IPs.
Step-by-step troubleshooting (for users)
Follow these ordered steps before trying any circumvention:- Reproduce the problem and capture details
- Take screenshots of the block page; note the exact message, any RayID or error code, and the blocked IP shown.
- Record the timestamp (UTC) and the public IP you were using.
- Test from a different network
- Connect through mobile data, a friend’s network, or a public network to confirm whether the block is IP-specific.
- If the site works on another network, the block is almost certainly tied to your public IP or ISP range.
- Restart your home router (if you have consumer-grade ISP service)
- Some ISPs use dynamic IPs; a router restart can sometimes assign a new public IP and resolve a temporary block. This works only where ISPs don't use persistent static or carrier-grade NAT addresses.
- Use official channels to view achievements (alternate sources)
- Use the Xbox app (PC/mobile) or Xbox.com to view achievement lists and personal progress—this avoids third-party sites entirely. Microsoft’s support pages show how to find achievements in the Xbox apps.
- Try well-known achievement aggregators
- If xboxachievements.com remains inaccessible, use reputable alternatives such as TrueAchievements or Exophase for full achievement lists and guides; both host comprehensive achievement lists for Endless Legend and related titles. These are reliable workarounds for reading the list while you resolve access to the original site.
- Contact the site owner/admin
- If you can find contact info for xboxachievements.com or the site’s webmaster, send the screenshot, RayID (if present), the blocked IP, and the exact time. Be polite and precise—site admins can usually whitelist a single IP or explain why the block occurred.
- Avoid immediate "workarounds" that may cause more problems
- Using random free proxies or botnets to circumvent a site block may violate terms of service and could exacerbate the problem. Treat any block as a legitimate safety mechanism until proven otherwise.
- Consider a VPN temporarily (with caution)
- A reputable paid VPN can provide temporary access from another public IP range. Use this only to read public content—if the block was for abusive behavior your IP was linked to, continuing the same activity under a different IP can be an escalation. Also note some sites proactively block major VPN endpoints.
Step-by-step actions for site owners / admins (how to diagnose and fix)
If you operate a site and see reports of users receiving this block:- Gather the RayID or full block page screenshot from the visitor and search your security logs for that RayID (Cloudflare) or the corresponding WAF event. Cloudflare’s troubleshooting docs explain how admins find the RayID in Security > Events.
- Check IP Access Rules and Rate Limiting
- Review IP Access Rules for single IPs, ASN lists, and country-based filters.
- Inspect rate-limit rules that may have inadvertently blocked legitimate visitors.
- Evaluate WAF signatures & security plugins
- If using Wordfence or similar, check the live traffic logs and reasons given for blocking—some rules have false-positive behaviors that need tuning. Wordfence publishes guidance for troubleshooting blocking behavior.
- Consider whitelisting trusted IPs
- For repeat issues with cloud provider IPs (for example Google Cloud addresses), evaluate whether an entire netblock was blocked and whether it should be refined.
- Communicate with affected users
- Provide a mechanism (support email or form) where blocked visitors can request review. That reduces user frustration and helps admins locate legitimate false positives.
Legal, ethical, and security considerations
- Respect site policy: If the block is intentional due to policy enforcement (bot scraping, data harvesting, repeated abusive requests), attempting to bypass it with anonymizers or headless browsers can be considered malicious and may worsen the situation.
- Shared IP collateral damage: Many users share public IP ranges (cloud providers, cellular carriers). Blocking whole netblocks can unintentionally deny legitimate users. Admins must balance protection and accessibility.
- Privacy and data protection: When contacting a site owner, do not disclose credentials or any personal data beyond what’s necessary to diagnose the block (IP address, timestamp, RayID).
- Repeated circumvention risk: Using a VPN or rotating proxies to repeatedly access a site after being explicitly blocked can trigger automated escalations (IP blacklisting, legal notices), and may breach the site’s Terms of Use.
Alternatives for viewing achievement information (specific, practical options)
If xboxachievements.com is unreachable, these alternatives let you view achievement lists, rarity, and guides without needing that site:- Xbox App / Xbox Console Companion / Xbox.com
- The official Xbox applications and web portal show your personal achievement history and the full achievement list for games you own or have played. This is the most authoritative source for achievement records.
- TrueAchievements
- A long-established community-driven achievements website with guides, rarity tracking, and walkthroughs. TrueAchievements hosts up-to-date achievement lists for Endless Legend and similar titles.
- Exophase
- Exophase aggregates achievements across platforms (Steam, Xbox, PlayStation) and shows community percentages and trophies. It’s a good cross-platform fallback if a single site is down.
- Steam community pages (if the title is on Steam)
- For PC users with the Steam release, the Steam game hub lists achievements and the percentage of players who unlocked them.
- Community forums and wikis
- Dedicated game wikis, Reddit threads, and fan-run guides often replicate full achievement lists and include practical tips.
Critical analysis: strengths and risks of the current blocking approach
- Strengths
- Blocks are effective at reducing scraping, automated abuse, and DDoS-like behavior. Properly configured, they protect site performance and bandwidth.
- Granular controls (per-path rate limiting, ASN rules) give site owners powerful defenses that don't require manual intervention for every attack.
- Risks and collateral damage
- Overbroad rules (blocking entire cloud provider ranges or countries) frequently deny legitimate users such as remote workers, cloud-hosted services that fetch site data for valid purposes, or mobile users routed through carrier IP ranges.
- False positives from aggressive browser fingerprinting or heuristic blocking can create a poor user experience and drive users away—especially when a community site like XboxAchievements relies on accessibility and repeat visits.
- The burden of removing blocks usually falls on the site owner; users are left with few recourses beyond contacting admins or using a VPN. Cloudflare’s documentation is explicit that the CDN can’t override customer-configured blocks, which leaves blocked users dependent on site operators for remediation.
Practical recommendations (summary)
- For users:
- Try a different network (mobile tether), clear cache, collect the RayID and timestamp, and contact site owners with the evidence.
- Use official Xbox resources or alternative aggregation sites (TrueAchievements, Exophase) in the meantime.
- Use VPNs only as a temporary read-only workaround and avoid repeating any automated behavior that may have caused the block.
- For admins:
- Review Cloudflare/edge security events and WAF logs using the RayID. Refine rate limits and avoid broad ASN or country blocks unless necessary.
- Provide a clear support pathway for blocked visitors to request review.
- Consider whitelisting trusted bot IPs and cloud-provider ranges used for benign services, or tighten rules to specific malicious behaviors rather than whole-netblock bans. Cloudflare’s docs and firewall event logs are the first place to look for exact causes.
Final thoughts
The message “The owner of this website has banned your IP address” is disconcerting but deliberate: it’s the site or security front-end protecting itself. For the blocked IP you reported (104.196.9.116), public WHOIS and IP range data show it sits inside Google Cloud’s 104.196.0.0/14 allocation—information that’s useful context when talking to an administrator about why the site might have blocked cloud-provider addresses.Most blocks are resolvable: they stem from well-meaning (if sometimes heavy-handed) security rules. The recommended path is to collect the block details, verify whether the block is IP-specific by testing other networks, use alternative achievement sources such as the official Xbox app, TrueAchievements, or Exophase for immediate needs, and engage the site owner with the captured evidence so they can investigate and, if appropriate, lift or refine the block. Cloudflare and WAF providers will not unilaterally remove a customer’s security rule, so the site operator’s cooperation is the central step in remediation.
If you want, provide the exact screenshot and RayID from the xboxachievements block page (and confirm whether you can load the page from a cellular connection). With those details it’s possible to prepare a precise support message you can send to the site admin or advise on the safest temporary workarounds to reach the achievement list for Endless Legend 2.
Source: Xbox Achievements Endless Legend 2 Achievements