Indicator Lookup
21666 indicators indexedPaste any indicator — IP, domain, URL, file hash, or CVE — and psyc tells you whether it's known-bad across the whole case corpus, which feed flagged it, and at what severity. This is the "is this thing dangerous?" desk check.
how to use this view
How to use. Type or paste an indicator and hit Look up. A green banner means it's clean (not in the corpus); a red banner means it matched known threat intel — open the case to see the full context.
What you're seeing. Matches come from the IOC index built across all 21666 indicators in the corpus. Lookup is case- and format-insensitive (EVIL.COM = evil.com).
Why it matters. A defender investigating an alert needs a fast verdict on a raw indicator — and a way to push the whole known-bad set into a firewall or DNS sinkhole (see Blocklist export below).
Blocklist export
Download the deduplicated set of known-bad indicators of one type as plain text — ready to paste into a firewall denylist, DNS sinkhole, or SIEM watchlist.
| Type | Count | Download (all) | Download (high+) |
|---|---|---|---|
| url | 4217 | url blocklist ▾ | url (high+) ▾ |
| domain | 4023 | domain blocklist ▾ | domain (high+) ▾ |
| ip | 892 | ip blocklist ▾ | ip (high+) ▾ |
| hash | 9438 | hash blocklist ▾ | hash (high+) ▾ |
| cve | 36 | cve blocklist ▾ | cve (high+) ▾ |