@JasonPan - MSFT Blocking at IP address level was not doable as requests were coming from varios IP address from different countries (Russia, Mexico an Brazil)
Eventually I decided to filter thru IIS using the following rule but it doesn't seem to work as expected.
When using this rule
<filteringRule name="TESTRULE" scanUrl="true" scanQueryString="true">
<add string="BLOCKINGWORD" />
My website gives me what is shown below. I was expecting a 404 page not found, according to what I read.