The local segment protection is bypassed by using a hostname that resolves to e.g. 127.0.0.1.
For testing purposes, a selection of such domains is available at https://gist.github.com/tinogomes/c425aa2a56d289f16a1f4fcb8a65ea65 but a real attacker would probably use their own, fresh domain to bypass blocklists.