When adversaries register malicious domains for C2 servers, phishing servers, or payload servers, the choices they make when it comes to registration, hosting, certificates, mail servers and more can be useful in determining their targets and discovering a fuller picture of their operations in DNS.