The provided string webhook-url-http-3A-2F-2F169.254.169.254-2Fmetadata-2Fidentity-2Foauth2-2Ftoken decodes to a URL targeting the Azure Instance Metadata Service (IMDS). This is a high-severity security finding indicative of a Server-Side Request Forgery (SSRF) attack attempt, specifically aimed at cloud credential theft.
Disable IMDS: If your VM doesn't need a Managed Identity, disable the service entirely. To help me give you the best advice, are you: Investigating a security alert or log entry? Trying to secure a webhook feature you are building? Learning about cloud penetration testing?
The /metadata/identity/oauth2/token path specifically handles identity: What is this IP address: 169.254.169.254? - Server Fault
3. Use a Webhook Proxy Run a sidecar proxy (e.g., Webhook Relay or Nginx) that strictly filters outbound destinations. Never let your application logic resolve DNS or IPs directly.
Atlas Humble Circle © 2026