Webhook-url-http-3a-2f-2f169.254.169.254-2fmetadata-2fidentity-2foauth2-2ftoken ((new)) Jun 2026

Imagine a young developer named Leo who builds a "Link Previewer" tool. You paste a URL, and his server visits the site to grab a thumbnail and a title. It seems harmless—until a hacker named "Cipher" arrives.

The /identity/oauth2/token path is the specific "ask" for a Managed Identity token on Microsoft Azure. Imagine a young developer named Leo who builds

If you are on Azure, ensure your metadata service requires the Metadata: true header and the X-Identity-Header . However, never rely on this as your only defense —the attacker can still forge headers. The /identity/oauth2/token path is the specific "ask" for

A potentially malicious webhook URL has been detected: http://169.254.169.254/metadata/identity/oauth2/token . This URL appears to be attempting to exploit a vulnerability in the Azure Instance Metadata Service. A potentially malicious webhook URL has been detected:

The detected webhook URL appears to be a potential threat, and it is essential to take immediate action to mitigate any potential risks. By monitoring for suspicious activity, validating webhook configurations, and implementing security measures, you can help protect your Azure environment from potential exploitation.