nmap – Scanning a domain name

Answer to question 1: We are actually scanning the server that the website is hosted on, right?

We are scanning the open ports on that host. That host can have multiple vhosts, but in the end all of them are served via port 80 (HTTP) or 443 (HTTPS).

Answer to question 2: If there is another domain hosted on the same server, the results of the scan would be the same?

Yes, they would be the same. Take this example as a reference:

The IP for this demonstration would be:

151.101.65.195

That IP address is used by many domains, as you can verify by using a ping command:

galoget@hackem:~$ ping -c 4 cncworks.co.nz
PING cncworks.co.nz (151.101.65.195) 56(84) bytes of data.
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=1 ttl=39 time=10.5 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=2 ttl=39 time=10.6 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=3 ttl=39 time=10.7 ms
64 bytes from 151.101.65.195 (151.101.65.195): icmp_seq=4 ttl=39 time=10.8 ms

--- cncworks.co.nz ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 10.518/10.650/10.814/0.106 ms


galoget@hackem:~$ ping -c 4 vivaanprojects.com
PING vivaanprojects.com (151.101.1.195) 56(84) bytes of data.
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=1 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=2 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=3 ttl=39 time=10.7 ms
64 bytes from 151.101.1.195 (151.101.1.195): icmp_seq=4 ttl=39 time=10.7 ms

--- vivaanprojects.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 10.682/10.695/10.704/0.008 ms

If you run an nmap scan against all ports, the results are the same:

galoget@hackem:~$ nmap -p- cncworks.co.nz
Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-11 19:10 UTC
Nmap scan report for cncworks.co.nz (151.101.1.195)
Host is up (0.011s latency).
Other addresses for cncworks.co.nz (not scanned): 151.101.65.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https


galoget@hackem:~$ nmap -p- vivaanprojects.com
Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-11 19:14 UTC
Nmap scan report for vivaanprojects.com (151.101.65.195)
Host is up (0.011s latency).
Other addresses for vivaanprojects.com (not scanned): 151.101.1.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 104.45 seconds
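
As an added example (not part of the original answer), this Python sketch parses nmap's normal output, using the two reports shown above as input, and groups hostnames whose resolved addresses overlap, which is a quick way to confirm during scoping that several names land on the same front end. The function names `parse_reports` and `shared_hosts` are assumptions made for this illustration.

```python
import re
# Scan output copied from the two nmap runs shown above (normal output format).
SAMPLE = """\
Nmap scan report for cncworks.co.nz (151.101.1.195)
Host is up (0.011s latency).
Other addresses for cncworks.co.nz (not scanned): 151.101.65.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap scan report for vivaanprojects.com (151.101.65.195)
Host is up (0.011s latency).
Other addresses for vivaanprojects.com (not scanned): 151.101.1.195
Not shown: 65533 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
"""
REPORT = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?$")
OTHER = re.compile(r"^Other addresses for \S+ \(not scanned\): (.+)$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)")

def parse_reports(text):
    """Return {name: {"scanned": ip, "addresses": set, "open": set}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := REPORT.match(line):
            name, ip = m.group(1), m.group(2) or m.group(1)  # bare-IP target: no parentheses
            cur = hosts[name] = {"scanned": ip, "addresses": {ip}, "open": set()}
        elif cur and (m := OTHER.match(line)):
            cur["addresses"].update(m.group(1).split())
        elif cur and (m := PORT.match(line)):
            cur["open"].add((int(m.group(1)), m.group(2)))
    return hosts

def shared_hosts(hosts):
    """Merge names whose address sets overlap; returns [(names, addresses)]."""
    groups = []
    for name, info in hosts.items():
        names, addrs, rest = [name], set(info["addresses"]), []
        for g_names, g_addrs in groups:
            if g_addrs & addrs:  # overlap: fold the existing group into this one
                names, addrs = g_names + names, addrs | g_addrs
            else:
                rest.append((g_names, g_addrs))
        groups = rest + [(names, addrs)]
    return groups
```

Note that each run scanned only one of the two addresses (the other is listed as "not scanned"), so the overlap is established from the resolved address sets, not from the scanned IP alone.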