Saturday, April 17, 2021

Cisco ASA Firewall 'shun' Command

There's a quick and easy way to block an external (public) IP address without creating an ACL: the Cisco ASA Firewall shun feature. This is useful when you don't have the Firepower service enabled on your ASA (just the stateful firewall). Below is an example using an IP address that was reported as hosting malware; before the shun is applied it answers pings normally.

C:\Users\User>ping 183.131.207.66

Pinging 183.131.207.66 with 32 bytes of data:
Reply from 183.131.207.66: bytes=32 time=74ms TTL=48
Reply from 183.131.207.66: bytes=32 time=76ms TTL=48
Reply from 183.131.207.66: bytes=32 time=74ms TTL=48
Reply from 183.131.207.66: bytes=32 time=73ms TTL=48

Ping statistics for 183.131.207.66:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 73ms, Maximum = 76ms, Average = 74ms


ciscoasa# shun ?

  Hostname or A.B.C.D  Specify source IP address of a mischievous host
ciscoasa# shun 183.131.207.66
Shun 183.131.207.66 added in context: single_vf
Shun 183.131.207.66 successful

ciscoasa# show shun
shun (outside) 183.131.207.66 0.0.0.0 0 0 0

The show shun line lists the interface the shun was applied on, the shunned source address, and then the destination address, source port, destination port and protocol (all zero here, meaning any). From this point the ASA drops every packet arriving on that interface with 183.131.207.66 as its source address and tears down any existing connections from it, which is why the replies to the ping below never make it back in. Keep in mind that shuns are dynamic state, not configuration: they do not appear in the running or startup config and are lost on reload, so anything that should stay blocked permanently belongs in an ACL (or has to be re-applied after a reboot).

I was unable to ping or reach the site/IP over HTTPS afterwards.

C:\Users\User>ping 183.131.207.66

Pinging 183.131.207.66 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 183.131.207.66:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


To remove the shunned host, use the no shun <IP ADDRESS> command; clear shun removes every active shun at once.

ciscoasa# no shun 183.131.207.66

ciscoasa#

ciscoasa# show shun

ciscoasa#
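Because shuns are not saved to the configuration and are gone after a reload, it helps to keep the blocklist in a file and generate the commands from it rather than typing them by hand. The script below is an added example, not part of the original post and not a Cisco tool: it reconciles a blocklist against the ASA's `show shun` output and prints the `shun` / `no shun` lines needed to bring the firewall in line, validating each address first so a typo never becomes a bogus shun. The blocklist contents, the `show shun` lines and the helper names (is_ipv4, desired_ips, current_ips, set_diff, to_add, to_remove, reconcile) are all constructed for the example; in practice you would replace SHOW_SHUN with the real output captured from the ASA and paste the generated lines at the ciscoasa# prompt.

```shell
#!/bin/sh
# Added example (not from the original post): reconcile a blocklist
# against the ASA's `show shun` output and print the commands needed.
# Shuns are dynamic state, not configuration, and disappear on reload,
# so re-running this after a reboot re-applies the list without
# duplicates. All data below is constructed sample input and every
# helper name is an assumption made for this example.

# Constructed blocklist: one IPv4 address per line, '#' comments allowed.
BLOCKLIST='# reported malware hosts (constructed sample data)
183.131.207.66
198.51.100.23
203.0.113.7
not-an-ip
'

# Constructed `show shun` output in the format the ASA prints:
#   shun (<interface>) <src_ip> <dst_ip> <src_port> <dst_port> <protocol>
SHOW_SHUN='shun (outside) 183.131.207.66 0.0.0.0 0 0 0
shun (outside) 192.0.2.99 0.0.0.0 0 0 0
'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255,
# so a typo in the blocklist cannot turn into a bogus shun command.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++) { if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
            exit 0
        }
        { exit 1 }'
}

# desired_ips: valid addresses from BLOCKLIST, sorted and de-duplicated.
# Invalid entries are reported on stderr and skipped.
desired_ips() {
    printf '%s\n' "$BLOCKLIST" | sed 's/#.*//; s/[[:space:]]//g' | grep -v '^$' |
    while IFS= read -r ip; do
        if is_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'skipping invalid blocklist entry: %s\n' "$ip" >&2
        fi
    done | sort -u
}

# current_ips: source addresses currently shunned, parsed from SHOW_SHUN
# (third whitespace-separated field of each "shun (...)" line).
current_ips() {
    printf '%s\n' "$SHOW_SHUN" | awk '$1 == "shun" { print $3 }' | sort -u
}

# set_diff A B: lines of A (newline-separated) that do not occur in B.
set_diff() {
    printf '%s\n' "$1" | awk -v exclude="$2" '
        BEGIN { n = split(exclude, arr, "\n"); for (i = 1; i <= n; i++) seen[arr[i]] = 1 }
        $0 != "" && !($0 in seen)'
}

# to_add: on the blocklist but not yet shunned.
to_add()    { set_diff "$(desired_ips)" "$(current_ips)"; }
# to_remove: shunned but no longer on the blocklist (stale shuns).
to_remove() { set_diff "$(current_ips)" "$(desired_ips)"; }

# reconcile: the ASA exec-mode commands that bring the shun table in line
# with the blocklist; paste them at the ciscoasa# prompt.
reconcile() {
    to_add    | sed 's/^/shun /'
    to_remove | sed 's/^/no shun /'
}

reconcile
```

With the sample data the script emits `shun 198.51.100.23`, `shun 203.0.113.7` and `no shun 192.0.2.99`, skips the `not-an-ip` line with a warning, and leaves 183.131.207.66 alone because it is already shunned. Running it again after those commands have been applied (with fresh `show shun` output) prints nothing, which is the point of reconciling rather than blindly re-sending the whole list.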