How to report a domain takeover?

[fabriciomurta]

Select Topic Area

Question

Body

I am not a github enterprise user and I wanted to report a domain takeover so that GitHub team could investigate the malicious user and repository and (hopefully) shut it down to help prevent further takeovers.

I guess this is not the right place to share details, but I can share some general steps I took:

• I already contacted the domain owner so they can perform domain verification and fix the spot issue.
• I've searched repositories for the contents of the malicious page that is displayed on the taken over github pages., with no avail
• I've searched for CNAME files across repos to tell whether the malicious repo was public (it seems it is not, or doesn't use the CNAME file for the attack
• the HTTP headers responded by the taken host response doesn't have any reference to the github repo, although it has some identification headers like eTag, x-github-request-id and x-fastly-request-id.

So I pretty much can't tell the user or repo to report. I'm sure GitHub can internally identify the repository to which the malicious CNAME maps to and take action in the affected account (which could be a compromised user/org account as well).

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬