What is the purpose of using expired domains for C2 servers in penetration testing?

In penetration testing, expired domains that were previously categorized as legitimate by services like Symantec BlueCoat are often chosen as C2 domains because they are less likely to be flagged. Tools like CatMyFish automate searching for such domains on expireddomains.net and checking their reputation via sitereview.bluecoat.com.