Filtering http responses for subdomain takeover


I try to automate a solution to check hosts for Subdomain takeover vuln. First I get all subdomain’s responses, then use the loop to checking keywords:

if grep -l 'Repository not found\|The specified bucket does not exist\|Github Pages site here\|No such app\|Sorry, this shop is currently unavailable\|404 Blog is not found\|is not a registered InCloud YouTrack' "$  X"; then     echo "$  line" >> ./$  1/$  foldername/vulnerable.txt fi 

Do I need more specific keywords to catch subdomain takeover vuln inside http response bodies? Or something different at all?