Using the IoPA Search Tool
Using the IoPA Search Tool
Category: Features & Tools
IoPA stands for Indicators of Pre-Attack - high-confidence signals that adversarial infrastructure is being built to target your organization, detected before any actual attack occurs.
How to Search
In the IoPA page, enter a suspicious indicator:
- A domain (e.g.,
malicious-site.com) - An IP address (e.g.,
192.168.1.1) - An email address (e.g.,
attacker@evil.com)
Malanta will analyze the indicator and show its connections to known attack infrastructure.
Graph View
The graph visualization shows how indicators are connected in clusters:
- Clusters - Groups of related infrastructure elements attackers use together
- Connections - Lines showing relationships (DNS resolution, certificates, redirects, etc.)
Node Types
- Attack Seed (white with red border) - The original indicator you searched for
- Pivot (white with yellow border) - A key connector between clusters
- Domain (blue) - A domain in the attack infrastructure
- IP (purple) - An IP address in the attack infrastructure
- SSL Certificate (dark blue) - A certificate connecting infrastructure
- Email (light blue) - An email used in domain registration or abuse
- Cluster (cyan) - A group of related infrastructure elements
Table View
- Node Type - The indicator type
- Value - The indicator value
Updated on: 26/02/2026
Thank you!