Typically, systems that sit behind a load balancer, will not be exposed to the internet (they may be firewalled off from the internet, or sit on an internal network not accessible to Intruder's scanners). In this case, Intruder won't be able to scan the individual servers that the load balancer proxies traffic for.

However, if your load balanced systems have at least one port/service exposed to the internet, then we recommend adding them as targets, per this article.

If you're not sure how many of your systems are exposed, simply add all of them to Intruder and Smart Recon will tell you which are active and which are unresponsive. (FYI: you only pay to scan active targets.) For those on our Pro and Vanguard plans, we take it one step further and display the hostname and the IP address it resolves to; open ports, protocols and services as well as service information, such as software version numbers – all of which can be found in Network View.

We recommend scanning via a domain name rather than an IP as the server responds differently. With a domain name there is more attack area to test, meaning we might find more – though, that does not necessarily mean that we won't find anything when targeting an IP, it just might yield less; furthermore, it is sometimes still useful for peace of mind.

If your targets are hosted in one of the three cloud platform mentioned above, we recommend trying out our cloud integration, as it may uncover some additional assets that you didn't know about.