The quick answer to this question is that it's usually the best to use the hostname (e.g. www.intruder.io).
However, there are some cases where it's better to add both. If any of the following are true for your website, you need to add both the hostname and the IP address as targets in the portal:
- The website is hosted on a content delivery network (CDN) such as CloudFlare or AWS CloudFront
- A DNS lookup of the hostname gives multiple IP addresses in its results (In this case it's best to add the hostname and all of the IPs)
If none of the above conditions apply to the system which serves your website, you should only add the hostname as a target in Intruder's portal.
Other Common Examples
What if I've got ten websites on one IP?
Enter the ten website hostnames, but don't add the IP. In this case you'll get charged for the ten websites but not the IP, but the IP will get scanned as part of scanning the websites.
What if I've got one hostname pointing to multiple IPs?
Scanning all these IPs may make sense, if you want to be completely sure there's no configuration drift between them, which can sometimes introduce weaknesses on individual systems.
If for this reason you want to scan all these IPs, you'll need to add each of them individually, and to be sure the website is being properly scanned, we would recommend to add the hostname as well.