New Interactive Historical IP Timeline is live! Explore here.
ELLIO Blocklist Automation

Clean traffic, backed by automation and threat intel.

With ELLIO Blocklist Automation, manage all blocklists and custom IP rules across your firewalls from a single, centralized console - without manual syncing, blind spots, or overblocking.

Sources
x ELLIO Threat List MAX
x Block Shodan
x Block Driftnet
โœ“ Allow Palo Alto Xpanse
โœ“ Never block Google Crawlers
โœ“ Never block Bing Crawlers
โœ“ Never block CDN Origin IPs
x SOC IP List
x 3rd Party Blocklist
โœ“ My Infrastructure
Targets
CheckPoint
Palo Alto
FortiGate
Cisco
Sophos
F5
pfSense
OPNsense
ntop
Traefik
Linux

Integrated with leading firewall vendors.

Palo Alto N
Palo Alto N
Fortinet
Fortinet
Cisco
Cisco
CheckPoint
CheckPoint
F5
F5
SOPHOS
SOPHOS
pfSense
pfSense
OPNsense
OPNsense
ntop
ntop
Traefik Proxy
Traefik Proxy

See how ELLIO works for you.

Custom Blocklist Configuration

9 rules
ELLIO Threat List MAX +350,248
Block Shodan +400
Block Driftnet +320
Allow Censys -1,024
Never block Google Crawlers -1,024
Never block Bing Crawlers -512
SOC IP List +10,240
3rd Party Blocklist +32,768
My Infrastructure -512
ELLIO
390,904 IPs in blocklist
130,302 CIDR prefixes

Firewalls

5 targets
CheckPoint 130,302
Palo Alto 130,302
FortiGate 130,302
Cisco 130,302
Linux 130,302
Start a free trial

Customize, automate, and monitor
all your blocklists in one place.

My EDL Deployments 3
Perimeter Block
Blocklist Ingress Palo Alto
218.9K entries
902.6K IPs
Every 5 min 2 min ago
CDN Allow
Allowlist Ingress FortiGate
124.7K entries
307.7K IPs
Every 5 min 2 min ago

One place for all your blocklists.

Bring all your threat feeds and blocklists into one place. ELLIO automatically downloads and updates them based on your conditions.

Create EDL Deployment
1
Configuration
2
Sources
3
Review
Threat List MAX 890K Included
RECON IP List 142K Included
SOC IP Ruleset 2.4K Included
3rd Party Feed 38K Included

Set up exact rules your environment needs.

Create custom blocklists and IP rulesets by combining ELLIO Threat Lists with external feeds. Deploy across one or more firewalls of different vendors, with policies adapted to each asset's exposure and role.

Services
Google Crawler Allowed
Bing Crawler Allowed
Cloudflare Allowed
Zscaler Allowed

Protect legitimate business traffic by default.

Automatically allow legitimate crawlers, monitoring bots, and business-critical services. Their IPs are kept up to date, so they are never accidentally blocked.

Deployments 4
Perimeter Block Blocklist
RECON Scanner Blocklist
CDN Allowlist Allowlist
SOC Custom Blocklist

Full visibility and monitoring.

Monitor all blocklists and IP rules from one place. See what's deployed on each firewall, track updates, catch errors early, and clearly see where every rule applies.

Traffic
CVE-2025-3127 Blocked
Customer API Allowed
Recon Attempt Blocked
Partner webhook Allowed

Stop attacks early.

Block only active malicious IPs and unwanted traffic. Block exploitation attempts before vendor detections appear, giving extra time to patch critical systems.

Keep critical traffic flowing.

Define which services are blocked or always allowed, and where. ELLIO maintains a continuously updated database of IPs for business and cloud services (Google, Microsoft, AWS, and more), ensuring your firewall rules stay accurate as cloud infrastructure changes.

Common Business Services

Continuously updated IP intelligence

Cloud 183.5M
AWS, Azure, GCP, OCI, Tencent
SaaS / Services 50.7M
M365, Google Workspace, GitHub, Zscaler
CDN 13.3M
Cloudflare, Akamai, Fastly, CloudFront
Crawlers 45K
Google, Bing, Apple, PetalSearch, Seznam
248.2M IPv4 1.4T IPv6 Updated < 5 min ago

Block what matters, when it matters.

Block only active malicious traffic - as soon as it appears and without disrupting legitimate business traffic. With ELLIO Cyber Deception, you also block exploitation attempts before vendor detections exist, gaining extra time to patch critical systems.

ELLIO Blocklist MAX ELLIO Recon IP Lists
ELLIO Blocklist Automation

Malicious blocked, legitimate passed

CVE-2025-3127 exploit Blocked
Customer API call Allowed
Credential stuffing Blocked
Partner webhook Allowed
Mass exploitation wave Blocked
Monitoring health check Allowed

Built for teams of any size.

From global enterprises and MSPs to small teams.

ELLIO Blocklist Automation
GENERAL
Self-service web portal
Multi-tenancy & multi-firewall support
Activity history & audit-ready logging
KEY FEATURES
Access to ELLIO Threat Lists
Add and organize multisource external threat feeds and blocklists
Create custom blocklists
Create custom IP rulesets
Block or allow cloud, CDN, Saas traffic (granular or broad)
Block or allow scanning services (Shodan, Censys, Cortex Xpanse, Driffnet, BinaryEdge)
Access to continuously updated service IP database
Customize deployment/s to each perimeter, firewall
Deploy consistent policies across all firewall
ELLIO THREAT LISTS
ELLIO Threat List MAX 250,000 - 750,000 active malicious IPs
ELLIO Threat List RDP Protects remote access services
ELLIO Recon IP Lists Current IPs from scanning services
INTEGRATION
Firewall & NGFW compatibility
Full programmatic control via API

Early action strengthens your entire security stack.

Stylized illustration of a cat in a blue hoodie using a laptop computer, representing a cybersecurity hacker or threat actor

Save resources by stopping attacks before they become costly.

Stop attacks early, during recon, before mass exploitation campaigns hit your network. Save time and resources.

Gain extra time to patch critical vulnerabilities.

Block exploitation attempts before vendor detections exist, gaining extra time to patch critical systems.

See what's urgent by cutting noise at the perimeter.

Cut the noise from XDR, IPS, IDS, and other tools by fortifying your perimeter.

Ensure both security and smooth traffic.

Prevent overblocking and delayed response to new malicious IPs. Automate blocking and keep business traffic flowing.

Strengthen your perimeter with ELLIO.

192.0.2.14Shodan:443blocked
198.51.100.73Censys:22blocked
203.0.113.41Xpanse:80allowed
203.0.113.22Driftnet:8443blocked
192.0.2.88BinaryEdge:443blocked
198.51.100.201Shodan:8080blocked
203.0.113.119Censys:22blocked
192.0.2.55Xpanse:443allowed
198.51.100.9Stretchoid:443blocked
203.0.113.87Shodan:22blocked
192.0.2.156Censys:8080blocked
198.51.100.44Xpanse:443allowed
192.0.2.14Shodan:443blocked
198.51.100.73Censys:22blocked
203.0.113.41Xpanse:80allowed
203.0.113.22Driftnet:8443blocked
192.0.2.88BinaryEdge:443blocked
198.51.100.201Shodan:8080blocked
203.0.113.119Censys:22blocked
192.0.2.55Xpanse:443allowed
198.51.100.9Stretchoid:443blocked
203.0.113.87Shodan:22blocked
192.0.2.156Censys:8080blocked
198.51.100.44Xpanse:443allowed

ELLIO Recon IP Lists

Continuously updated lists of scanner IPs. Define exactly which scanners to block or always allow.

Learn more

Talk to Security Expert

Mon
Tue
Wed
Thu
Fri

Select a date to choose a time

By submitting this form, you agree to our Privacy Policy and allow us to process your information to respond to your request. We may occasionally send you updates about our products and services, and you can unsubscribe at any time.