Hacker News

kachapopopow, last Monday at 5:04 PM

Well, you wouldn't really want to use it for botnets that large; modern botnets run off similar systems the internet runs off: edge endpoints, and cryptocurrency is just a nice distributed database to rely upon to synchronize everything.


Replies

JasonADrury, last Monday at 8:27 PM

I don't think you'd want to go through the trouble for smaller botnets though. It's really only the very big ones that face co-ordinated takedown efforts.

For a very small botnet that doesn't attract attention, you could really use any social media site for C&C if your goal was to avoid network-level detection.

For a slightly bigger botnet that might get abuse reports, you could just get a bunch of domains on different ccTLDs from various bulletproof registrars. There are some huge botnets doing this without much trouble.

It's really only the really big botnets where you want to worry about things like P2P C&Cs for censorship resistance; they're the ones that will face co-ordinated efforts to shut them down.

I feel like the block explorers aren't a really good solution; for small botnets there are less conspicuous options. Here's a (real) botnet C&C that uses Steam, and has been doing so for a long time: https://steamcommunity.com/profiles/76561199621451974 It's a rather silly implementation though, not sure why the developer decided to do it this way.

It's also worth noting that most botnets aren't targeting networks where they'd really have to worry about network-level detection, so in almost all cases using your own domain names is by far the easiest and most reliable option.

I'd also guess the most common malware these days is of the often short-lived "stealer" type, where the operator doesn't necessarily really care about keeping their bots alive as the malware just immediately grabs all the interesting data from your computer and uploads it.