Let’s say if there’s only 1 domain in a program.
The domain resolves to an IP and we do a port scan on it.
If there are 20 open ports and every one of them has a vulnerable service running, example an admin panel
Are all those 20 ports/ services inside our scope?
Also is this why Hunters run port scans on all IPs that they find?