diff --git a/github/Requester.py b/github/Requester.py index b3e5eb554c..28b1d7436c 100644 --- a/github/Requester.py +++ b/github/Requester.py @@ -1218,6 +1218,10 @@ def __recordRequestTime(self, verb: str) -> None: # Updates self.__last_requests with current timestamp for given verb self.__last_requests[verb] = datetime.now(timezone.utc).timestamp() + def __extractDomainFromHostname(self, hostname: str) -> str: + # Extracts the domain from a hostname + return ".".join(hostname.split(".")[-2:]) + def __makeAbsoluteUrl(self, url: str) -> str: # URLs generated locally will be relative to __base_url # URLs returned from the server will start with __base_url @@ -1225,12 +1229,10 @@ def __makeAbsoluteUrl(self, url: str) -> str: url = f"{self.__prefix}{url}" else: o = urllib.parse.urlparse(url) - assert o.hostname in [ + assert self.__extractDomainFromHostname(o.hostname) in [ self.__hostname, - "uploads.github.com", - "status.github.com", "github.com", - "objects.githubusercontent.com", + "githubusercontent.com", ], o.hostname assert o.path.startswith((self.__prefix, self.__graphql_prefix, "/api/", "/login/oauth")), o.path assert o.port == self.__port, o.port diff --git a/tests/Requester.py b/tests/Requester.py index a11ce1e2ba..b1cf450630 100644 --- a/tests/Requester.py +++ b/tests/Requester.py 
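Review bot: `__extractDomainFromHostname` returns the last two dot-separated labels, which is not a registrable domain, so the comment "Extracts the domain from a hostname" promises more than the code does. With constructed examples, an IP literal such as `10.0.0.5` becomes `0.5` and a host under a multi-label public suffix such as `example.co.uk` becomes `co.uk`. The helper is also called with `o.hostname`, which `urllib.parse.urlparse` returns as `None` when the URL has no network location, so `hostname.split` would raise `AttributeError` instead of the `AssertionError` the host check otherwise produces. I would replace the comment with a docstring stating that it returns only the last two labels and is not public-suffix aware, and guard the input with `if not hostname: return ""`.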
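Review bot: The rewritten assertion compares the two-label suffix with `self.__hostname`, so a configured host with three or more labels, or an IP address, can no longer match its own entry in the list; this assumes `self.__hostname` holds the full host parsed from the base URL, which is set outside this hunk. Comparing the full host for that entry keeps the previous behaviour: `assert o.hostname == self.__hostname or self.__extractDomainFromHostname(o.hostname) in ["github.com", "githubusercontent.com"], o.hostname`. Separately, the check now accepts every host under `githubusercontent.com`, a domain that serves user-supplied content, where the old list named a single host. If requests to these URLs carry the configured credentials, an explicit list that adds only the hosts actually needed (the test names `release-assets.githubusercontent.com`) is the tighter choice. Because the check is an `assert`, it is skipped entirely when Python runs with `-O`; `__makeAbsoluteUrl` begins before and continues after this hunk.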
@@ -263,6 +263,39 @@ def testBaseUrlPrefixRedirection(self): "Following Github server redirection from /api/v3/repos/PyGithub/PyGithub to /repos/PyGithub/PyGithub" ) + def testMakeAbsoluteUrl(self): + class TestAuth(github.Auth.AppAuth): + pass + + # create a Requester with non-default arguments + auth = TestAuth(123, "key") + requester = github.Requester.Requester( + auth=auth, + base_url="https://base.url", + timeout=1, + user_agent="user agent", + per_page=123, + verify=False, + retry=3, + pool_size=5, + seconds_between_requests=1.2, + seconds_between_writes=3.4, + lazy=True, + ) + + with self.assertRaises(AssertionError) as exc: + requester._Requester__makeAbsoluteUrl("https://github.com.malicious.com"), + self.assertEqual(exc.exception.args, "AssertionError: github.com.malicious.com") + + for url in [ + "github.com", + "uploads.github.com", + "status.github.com", + "objects.githubusercontent.com", + "release-assets.githubusercontent.com", + ]: + self.assertEqual(requester._Requester__makeAbsoluteUrl(f"https://{url}"), "") + PrimaryRateLimitErrors = [ "API rate limit exceeded for x.x.x.x. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)", ]
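Review bot: The line `self.assertEqual(exc.exception.args, "AssertionError: github.com.malicious.com")` cannot hold as written, because `args` is a tuple and the assertion in `__makeAbsoluteUrl` passes only `o.hostname` as its message. If the line sits inside the `with` block (indentation is not recoverable here) it is never reached, so the message is not checked at all. Placed after the `with` block it should read `self.assertEqual(exc.exception.args, ("github.com.malicious.com",))`, and the trailing comma after the `__makeAbsoluteUrl(...)` call above it can be dropped. The requester is built with the two-label host `base.url` and no URL on that host is ever passed in, so the test would not notice a configured hostname with more labels being rejected. A case with a constructed value such as `base_url="https://github.example.internal"` and a URL on the same host would cover that.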