diff --git a/detection-rules/link_hidden_dir.yml b/detection-rules/link_hidden_dir.yml
index db17122baca..6e6e19edab3 100644
--- a/detection-rules/link_hidden_dir.yml
+++ b/detection-rules/link_hidden_dir.yml
@@ -11,7 +11,12 @@ source: |
 and any(body.links,
 (
 strings.icontains(.href_url.path, "/.well-known/")
- and regex.icontains(.href_url.path, '\/\.well-known\/[^\/]+\/')
+ and (
+ // well-known with a directory behind it
+ regex.icontains(.href_url.path, '\/\.well-known\/[^\/]+\/')
+ // or a fragment in the url
+ or .href_url.fragment is not null
+ )
 )
 or strings.icontains(.href_url.path, "/.js/")
 or strings.icontains(.href_url.path, "/.env/")
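Review bot: The new `or .href_url.fragment is not null` branch matches every `/.well-known/` link that carries any fragment, so legitimate well-known endpoints linked with an anchor now satisfy this clause where the old regex required a subdirectory. If the intent is to catch a recipient address passed in the fragment (an assumption; the commit does not say), a narrower test such as `or strings.icontains(.href_url.fragment, "@")` would keep that coverage with fewer false positives. It is also not visible here whether a bare trailing `#` parses to null or to an empty string, so the comment could state which is expected, e.g. `// or a non-empty fragment in the url`. The `any(body.links, ...)` expression and the rest of the rule continue outside the hunk, so other conditions may already limit the impact.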