The way DNS works, each dot is authoritative.

So if you want the IPv4 for scam.legitco.com, your computer contacts the authoritative DNS for “com” and asks it for the address for legitco’s DNS. You then contact legitco.com and ask it for scam’s IP. Which it won’t have.