jowin922
Jul 23, 2023

Subdomain Takeover (Unclaimed Domain Name)

I was testing a large-scope private program. One of their subdomains was redirecting to a random domain (e.g. xyqhedshhdahjs.com) which was available for registration.

Step 1 — I collected all subdomains of the site with tools like reNgine, reconFTW, etc.

Step 2 — I went through each subdomain one by one. I noticed that one of the subdomains was redirecting to another domain which was available for purchase.

Step 3 — I checked on Namecheap and confirmed that the domain could be purchased.

I reported it to the program. The bug bounty program accepted this as a Low vulnerability and rewarded it.
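A defender-side version of the check in steps 2 and 3, as an added example that is not part of the original post: it audits the redirect targets of hosts you operate and flags any that fall outside the domains you own. The owned-domain list, the sample inventory and all function names are assumptions constructed for illustration.

```python
"""Audit redirects served by your own hosts for targets you do not control."""
import socket
from urllib.parse import urlsplit

# Assumption: domains the organisation has registered and keeps renewed.
OWNED_DOMAINS = {"example.com", "example.net"}

# Constructed inventory: (subdomain you operate, Location header it returns).
SAMPLE = [
    ("www.example.com", "https://shop.example.com/"),
    ("promo.example.com", "http://xyqhedshhdahjs.com/landing"),
    ("help.example.com", "https://support.vendor.example/kb"),
    ("old.example.com", "/new"),
]

def redirect_host(location):
    """Host of an absolute or scheme-relative Location value, else None."""
    host = urlsplit(location).hostname
    return host.rstrip(".") if host else None

def is_owned(host, owned=OWNED_DOMAINS):
    """True if host is an owned domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in owned)

def resolves(host):
    """Live DNS check. Failure is only a signal: confirm at the registrar."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(redirects, owned=OWNED_DOMAINS, resolver=resolves):
    """Return (subdomain, target_host, finding) for every external redirect."""
    findings = []
    for sub, location in redirects:
        host = redirect_host(location)
        if host is None or is_owned(host, owned):
            continue  # relative redirect, or a target inside owned domains
        if resolver(host):
            findings.append((sub, host, "external target: confirm who controls it"))
        else:
            findings.append((sub, host, "external target does not resolve: check registration"))
    return findings

if __name__ == "__main__":
    # Offline stub resolver so the demo runs without network access.
    for row in audit(SAMPLE, resolver=lambda h: h != "xyqhedshhdahjs.com"):
        print(*row, sep=" | ")
```

Any flagged redirect should either be removed or pointed at a domain the organisation has registered and renews.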