SSRF — Allowlist Bypass via Redirect
PreviewBot enforces an allowlist: only example.com / wikipedia.org / githubusercontent.com URLs are accepted. But the check runs only on the URL you submit; the fetcher then follows HTTP redirects without re-checking the redirect target against the allowlist. Find a redirect host that points back to an internal address.
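The flaw described above next to its fix, as an added example that is not PreviewBot's own code: the allowlist has to be applied to every hop, not just the submitted URL. The function names, the constructed response table, the placeholder host `internal.test` and the choice to accept subdomains of allowlisted hosts are all assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Allowlist as stated on the page; matching subdomains too is an assumption.
ALLOWED_HOSTS = {"example.com", "wikipedia.org", "githubusercontent.com"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5

# Constructed stand-in for the network: URL -> (status, Location header).
# internal.test is a placeholder for a host the fetcher must never reach.
FAKE_RESPONSES = {
    "https://example.com/page": (200, None),
    "https://example.com/moved": (302, "/page"),
    "https://example.com/go": (302, "http://internal.test/admin"),
    "http://internal.test/admin": (200, None),
}

def host_allowed(url):
    """True if the URL is http(s) and its host is on the allowlist."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return False
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def fetch_once(url):
    """One request with automatic redirect following disabled (simulated)."""
    return FAKE_RESPONSES.get(url, (404, None))

def follow(url, check_every_hop):
    """Return the final URL fetched, or raise ValueError when a hop is blocked."""
    for hop in range(MAX_REDIRECTS + 1):
        # The flawed design validates hop 0 only; the fix validates every hop.
        if (hop == 0 or check_every_hop) and not host_allowed(url):
            raise ValueError("blocked by allowlist: " + url)
        status, location = fetch_once(url)
        if status not in REDIRECT_CODES or not location:
            return url
        url = urljoin(url, location)  # resolve relative Location values
    raise ValueError("too many redirects")

def preview_vulnerable(url):
    return follow(url, check_every_hop=False)

def preview_hardened(url):
    return follow(url, check_every_hop=True)
```

In a real client the same loop requires automatic redirect following to be switched off (for example `allow_redirects=False` in `requests`) so each `Location` can be inspected before the next request. A hostname check alone also does not cover an allowlisted name that resolves to an internal address, so the resolved IP should be checked as well.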