SSRF Story | Scan The Network

1. Found an SSRF and retrieved the cloud metadata.
2. The common high risk with disclosed cloud metadata is security credentials, but none were found at this point :(
3. Found the instance's public IP in latest/meta-data/public-ipv4; accessing the IP returned a 404 response.
4. Ran Nmap against the IP; Nmap identified the server as located in the Vultr cloud provider, with ports 22, 53, 80 and 443 open.
5. Tried to get more exposure through the SSRF by scanning all ports.
6. Amazed, got some firewalled ports; port 8080 was running the Traefik application.
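
A server-side check that would refuse both the metadata read in step 1 and the port scan in steps 5 and 6, as an added example that is not part of the original write-up. The function names, the port policy, the server address 203.0.113.10 and the sample DNS table are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": 80, "https": 443}  # assumption: the fetcher only needs default web ports
OWN_ADDRESSES = {ipaddress.ip_address("203.0.113.10")}  # constructed: this server's public IP
SAMPLE_DNS = {"example.test": ["93.184.216.34"], "intranet.test": ["10.0.0.5"]}  # constructed


def system_resolver(host):
    """Every address the name maps to, from the OS resolver."""
    return [info[4][0] for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]


def sample_resolver(host):
    """Offline stand-in for DNS: constructed names, IP literals returned as-is."""
    return SAMPLE_DNS.get(host, [host])


def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_PORTS or not parts.hostname:
        return False, "scheme or host not allowed"
    # An explicit port must equal the scheme default: no probing of 22, 53, 8080, ...
    if port is not None and port != ALLOWED_PORTS[parts.scheme]:
        return False, "port not allowed"
    try:
        addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (OSError, ValueError):
        return False, "host does not resolve"
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        # The server's own public IP is global, so it needs an explicit check.
        if addr in OWN_ADDRESSES:
            return False, "address belongs to this server"
        # Rejects loopback, RFC 1918 and link-local ranges, including 169.254.169.254.
        if not addr.is_global:
            return False, f"non-public address {addr}"
    return True, "ok"
```

The fetcher has to connect to the address that was validated and refuse redirects, otherwise a second DNS lookup or a 3xx response sidesteps the check.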