alt Hacker NewsThat page looks phishing-related but doesn't appear to directly serving abusive content?
Does that XML get processed by a mailreader?
<ListBucketResult xmlns="http://doc.s3.amazonaws.com/2006-03-01"> <Name>savelinge</Name> <Prefix/> <Marker/> <IsTruncated>false</IsTruncated> <Contents> <Key>winbridge.html</Key> <Generation>1775478745793193</Generation> <MetaGeneration>2</MetaGeneration> <LastModified>2026-04-06T12:32:25.871Z</LastModified> <ETag>"3616712a8e68db66062a3f514b5fb7c8"</ETag> <Size>626</Size> </Contents> </ListBucketResult>
Replies
dvh • yesterday at 7:13 PM
I shortened url to remove PII. Full url causes few redirects before landing on scam site.
I am guessing that service returns the XML file as a directory listing; the file called winbridge.html does exist in that directory (and contains a JavaScript code to redirect to a different URL). (Another comment said they shortened the URL to remove PII (which I am guessing was in the fragment part of the original URL; the JavaScript code makes a new URL from randomly selecting a domain name (even though the list has only one) and appending the fragment part as the path), so I suppose the file name was removed and then this directory listing is the result.)