Achievement hunters visiting XboxAchievements.com to check the latest unlockables for Edgar Poe: Hidden Objects Game this week were met not with a list but with a stark error: "The owner of this website has banned your IP address (104.196.9.116)." The block, first highlighted in community reports on WindowsForum.com, is not a fluke or a targeted attack against individual users. It's a deliberate, automated security measure that's hitting anyone whose internet traffic happens to route through Google Cloud's IP space.
When a simple achievement lookup turns into a blockade
Multiple users attempting to view the achievements page for the newly released Edgar Poe: Hidden Objects Game on XboxAchievements.com reported seeing a full-page block instead of the usual list. The blocking page clearly states the banned IP—104.196.9.116—and offers no way to appeal or get an explanation on the spot. The IP address is not a random residential address; a quick WHOIS lookup confirms it falls within the 104.196.0.0/14 netblock owned by Google LLC and used by Google Cloud Platform services.
The timing of the block suggests it may have been triggered by automated traffic from that range. XboxAchievements.com, like many community-driven sites, relies on web application firewalls (WAFs) and content delivery network (CDN) protections—most notably Cloudflare, which can be configured to return an access-denied page with an error code and a unique RayID. The site might also be using a security plugin such as Wordfence, which allows blanket blocking of IP ranges, countries, or entire cloud provider ASNs. In either case, the decision to block 104.196.9.116 was made by the site's security rules, not by an individual moderator targeting a specific user.
Why you're seeing this—even if you've done nothing wrong
The most common reason for seeing this block is that your internet connection, at the moment you made the request, was assigned a public IP from a cloud provider's address pool. This can happen in several ways:
- You're using a VPN or proxy that exits through a Google Cloud node.
- Your ISP uses carrier-grade NAT and shares a pool that includes cloud-routed addresses.
- You're browsing from a corporate network or a developer environment that routes traffic through a cloud-based gateway.
- You're on a residential connection with a dynamic IP that, during that session, happened to be one previously allocated to a cloud service.
None of these scenarios mean you personally triggered an abuse rule. However, many websites—especially gaming-focused community sites that are frequent targets of scraping, credential stuffing, and automated attacks—take a heavy-handed approach to security. Blocking entire cloud netblocks is a crude but effective way to stop bots. The collateral damage: legitimate users caught in the sweep.
The hidden reason behind that IP ban notice
To understand why a site like XboxAchievements.com would block Google Cloud IPs, look at the economics of website abuse. A single unprotected forum can be hammered by thousands of requests per minute from cloud-hosted bots, scraping every achievement list to populate competing databases or to create derivative guide sites without permission. Defending against that manually is impossible. So site owners configure security tools to:
- Block known abuse IPs from threat intelligence feeds.
- Block entire IP ranges associated with cloud providers and VPN services.
- Implement rate limiting that, when exceeded, triggers a permanent or temporary block.
The block page you see is generated by the security layer—typically Cloudflare's "IP Access Rules" or a WordPress firewall plugin. In Cloudflare's case, a customer can add an IP, ASN, or even an entire country to a deny list, and Cloudflare will honor that rule without further analysis. Wordfence similarly allows blocks by IP, hostname, or user agent. The important detail: the site owner, not Cloudflare or the plugin developer, controls these rules. The block will remain in place until the site admin decides to remove it.
Crucially, the block page does not indicate you've been banned for misconduct; it only says the IP is banned. The definitive reason—whether it was a manual addition, an automated blacklist hit, or a range block—lives in the site's security logs. For that reason, politely contacting the site's webmaster with evidence is often the only path to a whitelist.
Practical ways to keep gaming while blocked
If you're a home user just trying to see the achievements for Edgar Poe or any other game, you don't need to wait for the block to be lifted. Here are three immediate alternatives that work on Windows, mobile, and the web.
Use the official Xbox app or Xbox.com
Microsoft documents how to view achievements directly through the Xbox Console Companion, the Xbox app for Windows and mobile, or the web interface at Xbox.com. The official client shows full achievement lists, points, dates earned, and progress—all synced with your profile. It's the most authoritative source and is never subject to third-party IP blocks.
Switch to TrueAchievements
TrueAchievements is a well-established community site and tracking service. It offers complete achievement lists for Xbox games, community-created guides, rarity stats, and a robust tracking system. Most Xbox achievement hunters use it alongside or instead of XboxAchievements.com, and its CDN configuration is rarely as draconian in blocking cloud IPs. If you're blocked from XboxAchievements.com, there's a good chance TrueAchievements will load fine.
Check Exophase as a secondary reference
Exophase aggregates achievements across multiple platforms, including Xbox, PSN, and Steam. It's a solid backup for viewing the full list and can also track your progress if you link your accounts. Like TrueAchievements, it's less prone to overzealous IP blocking.
If you specifically need information that only exists on XboxAchievements.com (such as a detailed walkthrough posted only in their forums), you can quickly work around the IP block without risky tools. The simplest method is to switch to a different network: tether to your phone's mobile data, use a friend's Wi‑Fi, or try a different browser in incognito mode. This confirms whether the block is tied to your current public IP. If the page loads from another network, the problem is IP-specific, and your home connection may eventually get a new IP if it's dynamic—a router restart sometimes forces a change. If you must use a VPN to view public content, choose a reputable paid VPN with a residential or non-cloud exit node, but be aware that many sites also block known VPN IPs.
For power users who want to investigate further, capturing the block page's metadata is useful if you plan to contact the site admin. Cloudflare blocks often include a RayID at the bottom left of the page; copy that ID, note the exact timestamp in UTC, and save a screenshot showing the full message. This evidence lets the site owner quickly find the matching security event and determine whether your IP was blocked by an automatic rule or a manual action.
Why blanket blocking cloud ranges is a double-edged sword
For site administrators, the calculus is straightforward: blocking cloud IPs dramatically reduces automated abuse and server load. However, this approach has well-documented downsides:
- False positives. Real-time blacklists and automated heuristics are not perfect; benign visitors can be classified as malicious because of a shared IP or a transient traffic spike.
- Collateral damage. Legitimate tools that run on cloud infrastructure—search engine crawlers, RSS readers, monitoring bots used by developers—get blocked, disrupting services that benefit the site.
- User friction. Blocking enthusiastic community members sours the experience and increases support overhead when users find no clear path to appeal.
Security tools like Cloudflare and Wordfence provide mechanisms to mitigate these drawbacks: detailed logging with event identifiers, the ability to whitelist specific IPs or ranges, and recommended practices like including contact instructions on block pages. Yet many site owners either don't configure these or don't monitor reports quickly. The result is that the block persists, and users are left guessing.
What to expect going forward
The tension between website security and open access isn't going away. As scraping and automated attacks continue to rise, more sites will adopt aggressive IP blocking. For users, that means occasional disruptions like this one will become more common—especially if your connection frequently uses cloud-routed IPs. For developers and power users who rely on cloud services for legitimate browsing, the message is clear: be prepared to switch to a residential IP when accessing community sites, and always keep alternative sources bookmarked.
The immediate takeaway for anyone blocked from XboxAchievements.com is that the ban is almost certainly not personal. It's a machine-made decision based on a broad security rule. Document what you saw, try the workarounds above, and if the block is a persistent nuisance, reach out to the site's contact channels with the evidence. The balance between keeping a site safe and keeping it open is delicate—but with a little patience and the right alternatives, you won't miss a single achievement.