If an e-mail is entered as an entity or threat actor, it might be useful to provide encrichment via @9b's PassiveTotal, ThreatCrowd, or some other whois search. Take yingw90@yahoo.com as an example: https://www.threatcrowd.org/email.php?email=yingw90@yahoo.com
Just have to be careful, a single registrant can return a ton of domains.
If an e-mail is entered as an entity or threat actor, it might be useful to provide encrichment via @9b's PassiveTotal, ThreatCrowd, or some other whois search. Take yingw90@yahoo.com as an example: https://www.threatcrowd.org/email.php?email=yingw90@yahoo.com
Just have to be careful, a single registrant can return a ton of domains.