Updated: Feb 20
An attacker can claim Subdomain with the help of external service.This attack is practically non-traceable.This attack is possible when an attacker gets to know situation like for a particular website domain or service is expired but the redirection is not removed then the attack can claim that domain or service.
If you bought support service from zendesk for support.xyz.com and forgot to remove redirection after service is expired.
The attacker will go to zendesk and buy support services for support.xyz.com.
Download and Run: www.github.com/nahamsec/HostileSubBruteForcer