iThemes Security uses the network_site_url() function to retrieve the server's hostname. On some hosting configurations, the site's URL is set dynamically based on the requested hostname or IP address. So, if a bot were to hit an IP address directly and the Apache/Nginx configuration is set up in a particular way, this behavior can occur. It's possible the host has a constant defined in the wp-config.php file such as:
define( 'WP_HOME', $_SERVER['SERVER_NAME'] );
You will need to make the appropriate changes with your hosting provider, or remove this dynamic approach so the hostname can be properly resolved.
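One way to remove the dynamic behaviour in wp-config.php, shown as an added example rather than code from iThemes Security or from your host. The hostnames, the https scheme and the helper name pick_site_host() are assumptions to replace with your own values:

```php
<?php
// wp-config.php excerpt (added example; hostnames below are placeholders).

// Before: the site URL follows whatever name the web server reports for the
// request, so a request sent to the bare IP address produces an IP-based URL.
// define( 'WP_HOME', $_SERVER['SERVER_NAME'] );

// Simplest fix for a single-hostname site: a fixed string.
// define( 'WP_HOME', 'https://example.com' );

// If the site really must answer on more than one hostname, accept only
// names from an explicit list. The first entry is the canonical fallback.
$allowed_hosts = array( 'example.com', 'www.example.com' );

/**
 * Hypothetical helper: return $candidate if it is an allowed hostname,
 * otherwise return the canonical hostname.
 */
function pick_site_host( $candidate, array $allowed ) {
    $candidate = strtolower( trim( (string) $candidate ) );
    // Drop any :port suffix and a trailing dot before comparing.
    $candidate = rtrim( preg_replace( '/:\d+$/', '', $candidate ), '.' );
    return in_array( $candidate, $allowed, true ) ? $candidate : $allowed[0];
}

$site_host = pick_site_host(
    isset( $_SERVER['SERVER_NAME'] ) ? $_SERVER['SERVER_NAME'] : '',
    $allowed_hosts
);

// An IP address or unknown name falls back to example.com, so
// network_site_url() always reports a hostname you chose.
define( 'WP_HOME', 'https://' . $site_host );
define( 'WP_SITEURL', 'https://' . $site_host );
```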