  • Little Problem With Nmap

    First of all, I'd like to say "Hi" to everybody here; this is my first post and I hope it doesn't look too moronic :).

    Anyways, here's my problem: in my shell account on the X server, I decided to nmap a host. Okay, so I go:
    $> nmap -v -v -sT -P0 www.objective.com
    I got some ports; I can't remember exactly, but I think it was 80, 554 and another one...
    Anyways, later on, I decided to nmap from my computer, trying to detect the operating system, so I go:
    $> nmap -v -v -sT -O -P0 www.objective.com
    And I got a whole different result regarding open ports.

    So my question is: is there any reason for this difference? Because I can't get it.
    I hope this isn't a stupid question =).

    Yours,
    Zigmat

    PS: No, I'm not scanning the real website www.objective.com; I just used it as an example :P
    [How come you're wasting your time on reading this? Get back to work and don't waste your time on reading stupid sigs!]

  • #2
    Originally posted by Zigmat
    First of all, I'd like to say "Hi" to everybody here; this is my first post and I hope it doesn't look too moronic :).

    Anyways, here's my problem: in my shell account on the X server, I decided to nmap a host. Okay, so I go:
    $> nmap -v -v -sT -P0 www.objective.com
    I got some ports; I can't remember exactly, but I think it was 80, 554 and another one...
    Anyways, later on, I decided to nmap from my computer, trying to detect the operating system, so I go:
    $> nmap -v -v -sT -O -P0 www.objective.com
    And I got a whole different result regarding open ports.

    So my question is: is there any reason for this difference? Because I can't get it.
    I hope this isn't a stupid question =).

    Yours,
    Zigmat

    PS: No, I'm not scanning the real website www.objective.com; I just used it as an example :P
    It could be a number of things, like... maybe when you scanned the first time, they had opened a port to work on, and had since closed it when you came back to try your luck again. Or secondly, when you scanned this box, were you local on that box? If you did nmap -vv -P0 -sT localhost, and then tried it again from your remote computer, then they will return different ports, because you were checking the ports being run locally, and not the ports opened to the outside world. This could also be true if you were just inside the LAN.

    HTH
    When you draw first blood you can't stop this fight
    For my own piece of mind - I'm going to
    Tear your fucking eyes out
    Rip your fucking flesh off
    Beat you till you're just a fucking lifeless carcass
    Fuck you and your progress
    Watch me fucking regress
    You were meant to take the fall - now you're nothing
    Payback's a bitch motherfucker!

    Slayer - Payback



    • #3
      Nope... It was neither localhost nor a LAN machine... It's kinda weird, but I'll run both scans again. The thing that seemed odd to me is that the host is a web server, and in the second scan, port 80 didn't show up...
      Anyways, thanks.
      Yours,
      Ziggy



      • #4
        Originally posted by Zigmat
        Nope... It was neither localhost nor a LAN machine... It's kinda weird, but I'll run both scans again. The thing that seemed odd to me is that the host is a web server, and in the second scan, port 80 didn't show up...
        Other than the ideas suggested:
        The host may be using DHCP, and the host scanned before may not be the same as the one recently scanned.

        The OS may be running a service that listens on ports at random to catch attempts to perform port scans, and then denies access to other services by that IP address. Go beyond a port scan: if one reports a web server, then try connecting to it with a web client; is it really a web server?

        The person that owns the machine shut down one machine using the IP address and started up a different machine with the same IP address.

        Unlikely: input/reply filtering rules on the shell server / your computer are preventing the replies from getting back in some cases, but not others.

        Most likely is the suggestion made by IcEbLAze about there being different filtering rules for the packets accepted for delivery on the remote target with a SRC address of the shell server vs your computer's SRC address.



        • #5
          It is a permanent website, and it would be weird if the server didn't have the same filters for my computer and the shell, since I live in Uruguay and the shell is in Argentina... Dunno, seems like a remote possibility.



          • #6
            Originally posted by Zigmat
            It is a permanent website, and it would be weird if the server didn't have the same filters for my computer and the shell, since I live in Uruguay and the shell is in Argentina... Dunno, seems like a remote possibility.
            If it is a website, and you specified the name of the host in nmap, then maybe they have multiple IP addresses mapped to answer to that same name?

            Use dig and check how many A/CNAME records exist and how many IPs are offered round-robin. Maybe you got different results because you actually scanned different hosts.

            Example results when running dig on google:
            Code:
            www.google.com.         736    IN      CNAME   www.l.google.com.
            www.l.google.com.       64      IN      A       66.102.7.147
            www.l.google.com.       64      IN      A       66.102.7.99
            www.l.google.com.       64      IN      A       66.102.7.104
            ATM, 3 IPs are offered for the same name lookup. Which IP a specific application receives after the DNS lookup can vary.

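An added example (not from this thread or any of its posters) that puts TheCotMan's two suggestions together: it parses a dig answer section like the one quoted above, follows the CNAME chain to list every A record behind the name, and classifies why two scans of the same name can disagree (different host behind a round-robin name vs. same host with per-source filtering). `live_addresses` is an assumed helper that asks the real resolver, so each scan can be pointed at an explicit IP instead of the name.

```python
import re
import socket

# Sample dig answer section: the google example quoted in the post above.
SAMPLE_DIG = """\
www.google.com.         736    IN      CNAME   www.l.google.com.
www.l.google.com.       64      IN      A       66.102.7.147
www.l.google.com.       64      IN      A       66.102.7.99
www.l.google.com.       64      IN      A       66.102.7.104
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|CNAME)\s+(\S+)$")

def parse_dig_answer(text):
    """Turn dig answer-section lines into (owner, ttl, type, rdata) tuples,
    ignoring anything that is not an A or CNAME record."""
    records = []
    for line in text.splitlines():
        m = RR_LINE.match(line.strip())
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner, int(ttl), rtype, rdata))
    return records

def addresses_for(name, records):
    """Follow the CNAME chain from name and return every A record it ends at.
    More than one address means round-robin: two lookups can hit different hosts."""
    target = name if name.endswith(".") else name + "."
    seen = set()
    while target not in seen:  # guard against a CNAME loop
        seen.add(target)
        cnames = [r[3] for r in records if r[0] == target and r[2] == "CNAME"]
        if not cnames:
            break
        target = cnames[0]
    return sorted(r[3] for r in records if r[0] == target and r[2] == "A")

def live_addresses(name):
    """Assumed helper: same question to the real resolver (needs network),
    so a scan can be aimed at one explicit IP rather than the name."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def classify_difference(ip_then, ip_now, ports_then, ports_now):
    """Explain two differing scans of one name, using the reasons raised in the thread."""
    if ports_then == ports_now:
        return "consistent"
    if ip_then != ip_now:
        return "different host behind the name (round-robin DNS or load balancer)"
    return "same host, different ports: per-source filtering or the box changed"
```

Scanning each address from `addresses_for` separately, and comparing the IP nmap prints in both runs, tells you whether a DNS answer or the scanning source explains the gap.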


            • #7
              I don't think that's the reason... I mean, when you specify a host in nmap, as soon as it checks if the host's alive, it says "(xxx.xxx.xxx.xxx)" [that address's IP address]; I checked it, and both were the same....

              Oh, and TheCotMan, I'll try to do that as soon as I get on my comp, since I'm on my school's computer...

              Yours,
              Ziggy



              • #8
                Originally posted by Zigmat
                I don't think that's the reason... I mean, when you specify a host in nmap, as soon as it checks if the host's alive, it says "(xxx.xxx.xxx.xxx)" [that address's IP address]; I checked it, and both were the same....
                Then you are back to some of the other reasons suggested, the most likely being different filtering rules for the two different SRC IP addresses you were using (Home Computer vs. shell computer.)



                • #9
                  Originally posted by TheCotMan
                  Then you are back to some of the other reasons suggested, the most likely being different filtering rules for the two different SRC IP addresses you were using (Home Computer vs. shell computer.)
                  OK, thanks... I'll assume the results my computer gave me are the wrong ones, since port 80 didn't show up, and it's obvious it's open, since it's a website >.<

                  Thanks for everything (I'm kinda back at the beginning :P)...
                  Yours,
                  Ziggy



                  • #10
                    Could it possibly be from a load balancing device?

                    Maybe the first time you scanned one computer in their web server farm and the next you got a different computer?

                    -kyle
