Fully configurable, real-time blocklists to stop attackers in their tracks

Start BlockingBuy Now
Get started with a 14-day free trial

How GreyNoise Block Improves Your Network Security

Use With Any Firewall
Lower Risk of Overblocking
Buy Time for Remediation
Reduce Alert Noise
Keep Pace with Emerging Threats
HOW GREYNOISE BLOCK Improves Security

Use With Any Firewall

GreyNoise Blocklists integrate with a large number of tools, making your security ecosystem more powerful and efficient.

Start Blocking
Get started with a 14-day free trial
HOW GREYNOISE BLOCK Improves Security

Lower Risk of Overblocking

Real-time lists built from observed attack traffic, not stale third-party feeds. Tune aggressiveness by how recently malicious activity was seen.

Start Blocking
Get started with a 14-day FREE trial
HOW GREYNOISE BLOCK Improves Security

Buy Time for Remediation

Cut off hostile IPs and CVE exploits before they spread, giving you critical time for longer-term fixes

Start Blocking
Get started with a 14-day FREE trial
HOW GREYNOISE BLOCK Improves Security

Reduce Alert Noise

Block mass scanning and exploitation attempts to shrink SIEM logs, cut storage costs, and ease analyst workload

Start Blocking
Get started with a 14-day FREE trial
HOW GREYNOISE BLOCK Improves Security

Keep Pace with Emerging Threats

Blocklists update in real time as new attacker infrastructure appears, staying effective against fast-moving campaigns.

Start Blocking
Get started with a 14-day FREE trial

How GreyNoise Block Improves Your Network Security

Use With Any Firewall
Lower Risk of Overblocking
Buy Time for Remediation
Reduce Alert Noise

Driven by defender-trusted cyber intel

400+

Global government agencies

60%

Of the Fortune 1000

80,000+

Users

FLEXIBLE CONFIGURATIONS

Build Custom Blocklists

Fully configurable blocklists using GreyNoise Query Language

Dates

First seen, last seen

Source Country

Geographic filtering

Spoofable

Whether the IP completed a TCP connection

Associated CVEs

Target specific vulnerabilities

IP Reputation

Malicious, suspicious, benign, unknown

Associated Tags

Custom categorization

Actor

Identified actors associated with IP addresses

Pre-built Configurations

Use Predefined Blocklists

Make use of our fully configurable blocklist templates. Compatible with all major firewalls through External Dynamic Lists (EDL)

All-Inclusive Malicious Traffic Lists

Block all identified malicious traffic

Targeted Lists

Focus on specific geographies and technology vendors

Continuous Updates

All lists refreshed in real-time from the GreyNoise Global Observation Grid

Primary-Source Intelligence

Lists based exclusively on data collected directly from GreyNoise sensors

View All Blocklists

Name
Oct-2025 RDP Botnet Campaign
Behavior
IPs involved in October 2025 Botnet targeting Microsoft RDP.
Oct-2025 RDP Botnet Campaign
IPs involved in October 2025 Botnet targeting Microsoft RDP.
Name
Mirai Botnet
Behavior
IPs exhibiting Mirai behavior in the last week.
Mirai Botnet
IPs exhibiting Mirai behavior in the last week.
Name
All IPs Seen by GreyNoise
Behavior
Anything that talked to our Global Observatioin Grid. Note that this is the most aggressive blocklist.
All IPs Seen by GreyNoise
Anything that talked to our Global Observatioin Grid. Note that this is the most aggressive blocklist.
Name
Threats: All CVEs
Behavior
Any IPs engaged in recon/attack activity for any CVE.
Threats: All CVEs
Any IPs engaged in recon/attack activity for any CVE.
Name
Threats: 2025 CVEs
Behavior
Any IPs engaged in recon/attack activity for any CVE issued in 2025.
Threats: 2025 CVEs
Any IPs engaged in recon/attack activity for any CVE issued in 2025.
Name
Unknown Classification IPs
Behavior
Anything that has been seen by our Global Observation Grid but without any intention. Note that this would be a very agressive blocklist.
Unknown Classification IPs
Anything that has been seen by our Global Observation Grid but without any intention. Note that this would be a very agressive blocklist.
Name
Non-Benign Classification IPs
Behavior
Anything that talked to our Global Observation Grid and isn't a known Benign organization. Note that this would be a very aggressive blocklist.
Non-Benign Classification IPs
Anything that talked to our Global Observation Grid and isn't a known Benign organization. Note that this would be a very aggressive blocklist.
Name
All Bad Intent IPs
Behavior
Anything with either malicious or suspicious activity in the last day.
All Bad Intent IPs
Anything with either malicious or suspicious activity in the last day.
Name
All Suspicious Classification IPs
Behavior
Anything seen in the last day that sent suspicious traffic.
All Suspicious Classification IPs
Anything seen in the last day that sent suspicious traffic.
Name
All Malicious Classification IPs
Behavior
Anything seen in the last day that sent malicious traffic.
All Malicious Classification IPs
Anything seen in the last day that sent malicious traffic.
Name
Source Country: Iran
Behavior
Traffic coming from Iran
Source Country: Iran
Traffic coming from Iran
Name
Source Country: Russia
Behavior
Traffic coming from Russia
Source Country: Russia
Traffic coming from Russia
Name
Source Country: North Korea
Behavior
Traffic coming from North Korea
Source Country: North Korea
Traffic coming from North Korea
Name
Technology: Fortinet
Behavior
Any IPs engaged in recon/attack activity for Fortinet.
Technology: Fortinet
Any IPs engaged in recon/attack activity for Fortinet.
Name
Technology: Sonicwall
Behavior
Any IPs engaged in recon/attack activity for Sonicwall
Technology: Sonicwall
Any IPs engaged in recon/attack activity for Sonicwall
Name
Technology: Checkpoint
Behavior
Any IPs engaged in recon/attack activity for Checkpoint
Technology: Checkpoint
Any IPs engaged in recon/attack activity for Checkpoint
Name
Technology: Ivanti Secure Connect VPN
Behavior
Any IPs engaged in recon/attack activity for Ivanti Secure Connect VPN
Technology: Ivanti Secure Connect VPN
Any IPs engaged in recon/attack activity for Ivanti Secure Connect VPN
Name
Technology: Barracuda
Behavior
Any IPs engaged in recon/attack activity for Barracuda
Technology: Barracuda
Any IPs engaged in recon/attack activity for Barracuda
Name
Technology: Cisco
Behavior
Any IPs engaged in recon/attack activity for Cisco
Technology: Cisco
Any IPs engaged in recon/attack activity for Cisco
Name
Technology: Citrix
Behavior
Any IPs engaged in recon/attack activity for Citrix
Technology: Citrix
Any IPs engaged in recon/attack activity for Citrix
Name
Technology: F5
Behavior
Any IPs engaged in recon/attack activity for F5
Technology: F5
Any IPs engaged in recon/attack activity for F5
Name
Technology: Palo Alto Networks
Behavior
Any IPs engaged in recon/attack activity for Palo Alto
Technology: Palo Alto Networks
Any IPs engaged in recon/attack activity for Palo Alto

Stop mass exploitation for good

Start BlockingBuy Now
Get started with a 14-day FREE trial
Products
Partners
Resources
Company
© 2025 GreyNoise, Inc. All rights reserved.
YouTube logoJoin us on Slack!Discord logoTikTok logo