FixWeb

// docs / domains

Domains

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Verifying a domain

Add a hostname at Dashboard → Domains. Pick one of two verification methods:

  • DNS TXT — add a record at _fixweb.<hostname> with the token we generate. We re-resolve it from our server, not yours, so SPF / DMARC settings don't interfere. Typical propagation: 1-5 minutes; we re-check every 30 seconds for 10 minutes.
  • HTTP file — host a small text file at /.well-known/fixweb-verification.txt with the token. We fetch over HTTPS via the SSRF-guarded request path.

Verifications are re-checked daily by the domain-reverify cron. If a previously-verified domain stops resolving the token (e.g. you removed the DNS record), the verification is revoked and active scans against it drop back to verify_required until you re-add it.

Scheduled re-scans Pro+

The Pro plan can re-scan a verified domain at ≥3h cadence; the Unlimited plan at ≥1h. Open Dashboard → Domains → Schedule, enable the toggle, pick a cadence:

  • 1 hour — available only on the Unlimited plan
  • 3h, 6h, 12h, daily, every 2 days, weekly

Every cron tick (every 15 min) the scheduler picks up due schedules, claims them via an optimistic compare-and-swap on next_run_at (so two crons can't double-enqueue), increments your scan-usage counter, and enqueues a fresh passive scan. The scan inherits your domain-verification attestation — you don't re-attest per run — so disable the schedule to revoke.

On completion, the scan-completed email goes out using the scheduled_scan_email preference (manage at Account → Settings).

Live threat detection Unlimited+

The Unlimited plan automatically watches every verified domain for three signals between scheduled scans:

  • Certificate transparency — every 30 minutes we query crt.sh for new certs containing your hostname or any subdomain. New certs fire a new_certificate alert.
  • DNS diff — every 30 minutes we resolve A, AAAA, MX, TXT, NS, CNAME and compare against the last snapshot. Changes fire a dns_change alert.
  • Threat-intel — every hour we check Spamhaus DBL and URLhaus for listings of the apex hostname. Listings fire a threat_intel_listing alert.

Alerts dedupe on a content-hash signature so re-detecting the same change doesn't re-fire. View / dismiss alerts at Dashboard → Domains → [domain] → Monitor. Email notifications follow the threat_alert_email pref.

Snapshot retention

Monitor snapshots auto-prune after 7 days, except the most recent baseline per (domain, signal-type) pair — that one stays regardless of age so the next diff is correct. Dismissed alerts purge after 90 days.

Trigger from API or MCP

Domain management is currently UI-only — no API surface for verification or schedule changes. To start a scan against an already-verified domain via API, use POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'