diff --git a/lib/aikido/zen/scanners/stored_ssrf_scanner.rb b/lib/aikido/zen/scanners/stored_ssrf_scanner.rb
index 2dbf0e60..435e42a7 100644
--- a/lib/aikido/zen/scanners/stored_ssrf_scanner.rb
+++ b/lib/aikido/zen/scanners/stored_ssrf_scanner.rb
@@ -36,7 +36,7 @@ def initialize(hostname, addresses, config: Aikido::Zen.config)
 def attack?
 return unless @config.stored_ssrf? # Feature flag
- return if @config.imds_allowed_hosts.include?(@hostname)
+ return if @config.imds_allowed_hosts.include?(@hostname.chomp("."))
 
 @addresses.find do |address|
 DANGEROUS_ADDRESSES.any? do |dangerous_address|
diff --git a/test/aikido/zen/scanners/stored_ssrf_scanner_test.rb b/test/aikido/zen/scanners/stored_ssrf_scanner_test.rb
index 7a1816c2..7c84e89f 100644
--- a/test/aikido/zen/scanners/stored_ssrf_scanner_test.rb
+++ b/test/aikido/zen/scanners/stored_ssrf_scanner_test.rb
@@ -32,6 +32,8 @@ def refute_attack(hostname, addresses, reason = "`#{hostname}` was blocked")
 test "allows known hosts that resolve to dangerous addresses" do
 refute_attack "metadata.google.internal", ["169.254.169.254"]
 refute_attack "metadata.goog", ["169.254.169.254"]
+ refute_attack "metadata.google.internal.", ["169.254.169.254"]
+ refute_attack "metadata.goog.", ["169.254.169.254"]
 end
 
 test "allows hostnames that are trying to access the IMDS service when the stored SSRF scanning is disabled" do
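Review bot: The trailing-dot normalization on the allowlist check in `attack?` is undocumented and applied only at this one comparison, so a reader cannot tell why `chomp(".")` is there; a comment such as `# "metadata.goog." is the fully-qualified spelling of "metadata.goog"; compare the canonical name` would make the intent explicit. If `@hostname` can ever be nil (the initializer is outside the hunk), `@hostname.chomp` now raises NoMethodError where the previous `include?(nil)` simply fell through to the address check, so either a guard or a confirmation that callers always pass a String is needed. `Array#include?` is also case-sensitive, so a differently-cased allowlisted name would still be reported; that fails closed, but if the allowlist is meant to be case-insensitive the comparison should downcase as well. Normalizing once in the initializer would keep any later use of `@hostname` in the scanner consistent with this check.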
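Review bot: The two added cases only cover the allow side of the trailing-dot change; a negative case should confirm that the normalization does not widen the allowlist, i.e. a name that is not in `imds_allowed_hosts`, written with a trailing dot and resolving to `169.254.169.254`, is still reported (using the assert counterpart of `refute_attack`, whose name is not visible in the hunk). The enclosing test class begins and ends outside the hunk.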