Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.
f5cd05c837ee40cc8d76e4b5fce64d92ed540c8b1d92111ed48c20b1a0540540