Webhook URL http://169.254.169.254/metadata/identity/oauth2/token
The URL you've shared appears to be a webhook or HTTP endpoint used to obtain an OAuth2 token from inside a cloud virtual machine, given the IP address 169.254.169.254. This link-local address is used by instance metadata services on cloud platforms such as AWS EC2, and the /metadata/identity/oauth2/token path in this URL is the Azure Instance Metadata Service endpoint that issues Managed Identity tokens.
With a stolen Managed Identity token, an attacker can impersonate the VM to access other Azure resources like Key Vaults, Storage Accounts, or Databases, depending on the identity's permissions.

Bypassing Firewalls
: Since SSRF originates from within the server, it can reach endpoints protected by perimeter firewalls. This effectively turns the ...

Metadata Header Requirements
: Services like Azure and AWS now require specific custom headers (e.g., Metadata: true) for these internal requests to prevent simple SSRF. Ensure your application does not allow users to set these headers.

Have you seen similar obfuscated metadata requests in your environment? Let us know in the comments below.

Resecurity Azure SSRF with Workflow Designer Feature
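The two mitigations discussed above (refusing webhook targets that point at the metadata service, and stripping the Metadata-style headers that users must never be able to supply) can be enforced before a webhook request is ever sent. The following is an added example written for this page, not code from the original post or from any vendor; the function names, the header denylist and the sample URLs are assumptions. It checks both the raw URL and its percent-decoded form, so an encoded target like the one in this page's title (http%3a%2f%2f169.254.169.254%2f...) is caught the same way as the plain one.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, unquote

# Hypothetical denylist for this example: header names that cloud metadata
# services require on token requests (Azure's "Metadata: true", AWS IMDSv2's
# token headers). A user-controlled webhook must never be able to set these.
BLOCKED_HEADERS = {
    "metadata",
    "x-aws-ec2-metadata-token",
    "x-aws-ec2-metadata-token-ttl-seconds",
}


class WebhookTargetRejected(ValueError):
    """Raised when a webhook URL must not be fetched from this host."""


def _is_disallowed_ip(ip) -> bool:
    # Link-local covers 169.254.0.0/16 (the IMDS address) and fe80::/10;
    # loopback/private/reserved/multicast/unspecified are refused as well so a
    # webhook cannot be pointed at anything reachable only from inside the VM.
    return (ip.is_link_local or ip.is_loopback or ip.is_private
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def _check_one_form(url: str) -> None:
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise WebhookTargetRejected(f"unsupported scheme: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise WebhookTargetRejected("missing host")
    try:
        # For IP literals this is a pure parse and needs no network access.
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror as exc:
        raise WebhookTargetRejected(f"cannot resolve {host!r}") from exc
    for info in infos:
        ip = ipaddress.ip_address(info[4][0].split("%")[0])
        if _is_disallowed_ip(ip):
            raise WebhookTargetRejected(
                f"{host!r} resolves to non-public address {ip}")


def validate_webhook_url(url: str) -> str:
    """Validate a user-supplied webhook URL and return it unchanged.

    The check runs on the URL as given and on its percent-decoded form, so
    neither an obfuscated metadata URL nor an encoding trick that makes the
    two forms parse differently gets through.
    """
    _check_one_form(url)
    decoded = unquote(url)
    if decoded != url:
        _check_one_form(decoded)
    return url


def is_safe_webhook_url(url: str) -> bool:
    """Boolean convenience wrapper around validate_webhook_url()."""
    try:
        validate_webhook_url(url)
        return True
    except WebhookTargetRejected:
        return False


def sanitize_headers(user_headers: dict) -> dict:
    """Drop any user-supplied header that a metadata service uses as its
    SSRF guard; everything else (e.g. a webhook signature header) is kept."""
    return {k: v for k, v in user_headers.items()
            if k.strip().lower() not in BLOCKED_HEADERS}


if __name__ == "__main__":
    # Constructed sample inputs: the IMDS token URL from this page, its
    # percent-encoded form, and a public-address webhook that should pass.
    for sample in (
        "http://169.254.169.254/metadata/identity/oauth2/token",
        "http%3a%2f%2f169.254.169.254%2fmetadata%2fidentity%2foauth2%2ftoken",
        "https://93.184.216.34/hooks/deploy",
    ):
        print(f"{sample!r}: {'allowed' if is_safe_webhook_url(sample) else 'rejected'}")
    print(sanitize_headers({"Metadata": "true", "X-Signature": "sha256=..."}))
```

Two caveats a practitioner should keep in mind: the hostname is resolved at validation time, so a name that later resolves to a different address (DNS rebinding) still has to be handled by resolving once and connecting to the vetted address, or by re-checking in the HTTP client's connection hook; and redirects must be validated with the same function, since a public host can 302 to the metadata address.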