Sud-domain scan odd results - nmap, dnsgoodies, ping, censys.io

There is a sub-domain which I was scanning. So for this I generally use a combination of censys.io, dnsgoodies.com and nmap. While doing this I found that they threw up different IPs for that sub-domain. Then I tried the good ol’ ping to see what happens and that gave me a completely different IP.

None of these IPs seem to be in the list thrown up by censys.io.

So can anyone please explain what could be going on here? Which of these results does one consider reliable? Are such varied results even possible or am I making some rookie mistake?

1 Like

may be use the CDN service or reverse proxy. some website use these service to protect they website and hide real ip.

Thank you very much for your reply. Is there any way we could get the actual IP in such cases?

some cases, can search history ip, I often use http://www.securityspace.com/sprobe/doprobe.html. And more you can to search on google. And if the website have some can send requets features such as get remote image and more. any send requets features from website real server can be exploit. we can listen port on ourself server to get real ip other you can try bind ip address use hosts file to verify ip. more method need discovery for yourself . But these method is not adequate in all cases.

OK This is helpful. Thanks a lot for the information. :slight_smile: