Webhook-url-http-3a-2f-2f169.254.169.254-2fmetadata-2fidentity-2foauth2-2ftoken
If that request succeeds, the attacker receives an access token. Depending on the Managed Identity attached to your server, that token could grant them:
That ugly string in your logs — webhook-url-http-3A-2F-2F169.254.169.254 — is not a configuration error. It is a .
http://169.254.169.254/metadata/identity/oauth2/token
Developers use this endpoint to grant a VM access to other Azure services (like Key Vault or SQL Database) using .
The /identity/oauth2/token path is the specific "ask" for a Managed Identity token on Microsoft Azure.
Do not allow arbitrary IPs. Only allow outbound requests to known SaaS vendor IPs (e.g., slack.com, github.com). Never allow 169.254.0.0/16.
The metadata service responds with an OAuth2 token, along with other details such as token expiration.