Verified domain still going to attacker github

Hello, I’ve verified my domain but it is still going to the attacker github. What to do?

if I’m not mistaken, verifying GitHub domain means, others can’t take ownership of that, but not in the sense that it will be free from attacks, even GitHub is vulnerable to attacks that they always guard against

Pages has a domain protection mechanism that is rather new.

@Rotemy I did a quick pass on the few Pages domains you protected (for either yourself or your organizations) but could not find anything suspicious. Could you tell me which domain you are having issues with? Feel free to share that with if you don’t want to share that here.

Yes, the domain “” is hijacked, but after verification the domain is still going into the attacker repository. Why Github don’t check that his repository is not under our organization with the verified domain?

@Rotemy Perfect, I see you verified this domain yesterday.

To shed some light on how domain verification works for Pages, when you verify a domain that is being actively used by other users, those users get an email and are given 7 days to also prove ownership of the domain. Failure to do so (= takeovers) automatically results in them losing the domain/Pages association.

We are always more than happy to speed up the process as needed when contacted via support.

Since you verified your domain already, I went ahead and released for you.

Note: domain verification only covers direct subdomains. Since you are using more than that currently, I highly recommend you also verify and

Let me know if you have further questions.


This post was flagged by the community and is temporarily hidden.