watchTowr Labs investigated thousands of abandoned but live backdoors installed on various compromised sites to determine what data the original backdoor owners have stolen. They published their findings in “Backdooring Your Backdoors — Another $20 Domain, More Governments” and, in the process, identified 34 domains as indicators of compromise (IoCs).