🔎Reconnaissance Phase

How to start the recon phase

Reconnaissance is the first phase of a typical penetration testing or bug hunting process. It involves gathering information about the target domain, such as example.com, to identify potential attack surfaces and vulnerabilities. Here are some steps to start reconnaissance on the domain example.com:

  1. Research the target: Start by researching the target domain, example.com, to gather as much information as possible about the company, its products, services, and technologies used.

  2. Domain Enumeration: Use tools such as dig, nslookup, whois, and others to gather information about the domain name system (DNS) records for example.com. This can reveal subdomains, IP addresses, and other information about the target domain.

  3. IP Scanning: Use tools such as Nmap to scan the IP addresses associated with example.com to identify open ports and running services. This information can help identify potential attack surfaces and entry points into the target network.

  4. Web Application Analysis: Analyze the web applications hosted on example.com to identify potential vulnerabilities, such as cross-site scripting (XSS), SQL injection, and others. You can use tools such as Burp Suite, OWASP ZAP, or others to automate this process.

  5. Social Engineering: Use social engineering techniques, such as phishing or baiting, to gather information about the target and its employees. This information can be used to gain access to sensitive systems or data.

  6. Passive Information Gathering: Gather information about the target from publicly available sources, such as search engines, social media, and forums, to identify potential weaknesses and entry points.
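The output of step 2 in code form, as an added example that is not part of the original page: it parses constructed dig-style answer lines for example.com into the same host-to-IP inventory a defender keeps of their own exposed surface, following CNAME chains and flagging RFC 1918 addresses that should not appear in public DNS. SAMPLE_ANSWERS, parse_records and build_inventory are assumed names, not any tool's API.

```python
# Added example (not from the original page): build a host -> IP inventory from
# dig-style DNS answers for example.com (step 2). SAMPLE_ANSWERS is constructed
# data; parse_records and build_inventory are hypothetical helper names.
from collections import defaultdict
import ipaddress
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_ANSWERS = """
example.com.        3600 IN A     93.184.216.34
www.example.com.    3600 IN CNAME example.com.
mail.example.com.   3600 IN A     203.0.113.25
example.com.        3600 IN MX    10 mail.example.com.
example.com.        3600 IN NS    ns1.example.com.
ns1.example.com.    3600 IN A     203.0.113.53
dev.example.com.    300  IN A     10.0.0.15
example.com.        3600 IN TXT   "v=spf1 mx -all"
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from `dig +noall +answer` style lines."""
    for line in text.splitlines():
        parts = line.split(None, 4)
        # skip blanks/comments and anything not in the 5-field answer layout
        if len(parts) < 5 or parts[0].startswith(";") or parts[2] != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = parts
        yield owner.rstrip("."), rtype, rdata

def build_inventory(text):
    """Map each named host to its A records (via CNAMEs); flag RFC 1918 IPs."""
    a_records, cnames, names = defaultdict(set), {}, set()
    for owner, rtype, rdata in parse_records(text):
        names.add(owner)
        if rtype == "A":
            a_records[owner].add(rdata)
        elif rtype == "CNAME":
            cnames[owner] = rdata.rstrip(".")
            names.add(cnames[owner])
        elif rtype in ("MX", "NS"):  # last field of rdata is the target host
            names.add(rdata.split()[-1].rstrip("."))
    inventory = {}
    for name in sorted(names):
        host, seen = name, set()
        while host in cnames and host not in seen:  # follow CNAMEs, guard loops
            seen.add(host)
            host = cnames[host]
        ips = sorted(a_records.get(host, ()))
        inventory[name] = {"ips": ips, "private": [ip for ip in ips
                           if any(ipaddress.ip_address(ip) in n for n in RFC1918)]}
    return inventory
```

The `dev.example.com` entry shows the kind of finding this inventory surfaces: a public record pointing at an internal address.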

These steps can help you gather information about the target domain, example.com, and identify potential vulnerabilities that can be exploited in the next phases of a penetration testing or bug hunting engagement. It is important to remember that reconnaissance should be conducted in a legal and ethical manner, and with the permission of the target domain's owner.
