
Comment by Cloudef

7 months ago

Wouldn't that defeat the attack though, as you aren't serving the large content anymore?

It would need a bot that is accessing files via hyperlink with an aim to decompress them and riffle through their contents. The compressed file can be delivered over a compressed response to achieve the two layers, cutting down significantly on the outbound traffic. passwd.zst, secrets.docx, etc. would look pretty juicy. Throw some bait in honeypot directories (exposed for file access) listed in robots.txt and see who takes it.
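The "see who takes it" step can be done from the access log. The following is an added example, not part of the comment above: it reads the Disallow paths from robots.txt and lists the clients that requested anything under them. The paths, addresses, log lines and function names are constructed for illustration, and it assumes every Disallow entry in this robots.txt is a bait directory and that the log is in combined format.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample data: hypothetical bait paths, documentation-range addresses.
ROBOTS_TXT = """\
User-agent: *
Disallow: /backup/        # bait directory
Disallow: /private/files/
"""

ACCESS_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "ExampleBot/1.0"
198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /backup/passwd.zst HTTP/1.1" 200 4096 "-" "ExampleBot/1.0"
203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /private/files/secrets.docx HTTP/1.1" 200 2048 "-" "ExampleBot/1.0"
192.0.2.44 - - [01/Jan/2025:10:02:00 +0000] "GET /backup/../backup/passwd.zst?x=1 HTTP/1.1" 200 4096 "-" "curl/8.0"
"""

# client, method, request target, status from a combined-format log line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def honeypot_prefixes(robots_txt):
    """Return the non-empty Disallow paths (assumed here to all be bait)."""
    prefixes = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            prefixes.append(value.strip())
    return prefixes

def bait_hits(log_text, prefixes):
    """Map each client address to the bait paths it requested."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, _status = m.groups()
        # Drop the query string, percent-decode and collapse "../" before matching.
        path = posixpath.normpath(unquote(urlsplit(target).path))
        if any((path + "/").startswith(p) for p in prefixes):
            hits[client].append(path)
    return dict(hits)

if __name__ == "__main__":
    for client, paths in bait_hits(ACCESS_LOG, honeypot_prefixes(ROBOTS_TXT)).items():
        print(client, paths)
```

A client that appears here fetched a path it was told not to crawl, so the list is a reasonable input for rate limiting or blocking rules.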