I read the S3-docs and found that signing-errors disclosed the bucket-name. This can be used when CDNs are put in front of a bucket. It doesn't work in all cases, but many of them. You need an access-key to make it work (no secret-key)
S3 decloaker:
The reason to find the bucket is to make further ACL-checks on the bucket. When the bucket is hidden behind a CDN, you cannot make proper requests to the bucket so no ACL-checks can be made, that's why you need the bucket name.
@olemoudi
@paradoxengine
you only need one that is working, doesn't matter what account it is connected to. the signature-error order first checks if the access-key exists or not