// docs / domains
Domains ni nomu
A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.
Verify e dua na domain
Add e dua na hostname ena Dashboard β Domains. Digitaka e dua vei rau na verification methods:
- DNS TXT β add e dua na record ena
_fixweb.<hostname>kei na token keitou generate. Keitou re-resolve mai na neitou server, sega ni nomu, me kua ni veilecayaki na SPF / DMARC settings. Typical propagation: 1-5 minutes; keitou re-check every 30 seconds for 10 minutes. - HTTP file β host e dua na text file lailai ena
/.well-known/fixweb-verification.txtkei na token. Keitou fetch over HTTPS ena SSRF-guarded request path.
Verifications e re-checked daily ena domain-reverify cron. Kevaka e dua na previously-verified domain e muduka na resolving ni token (e.g. o sa remove na DNS record), e revoked na verification ka active scans ki na domain o ya e drop back ki verify_required me yacova ni o re-add.
Scheduled re-scans tuvanaki Pro+
Na palani Pro e rawa ni vakaraici tale e dua na domain vakadinadinataki ena cadence β₯3h; na palani Unlimited ena β₯1h. Dolava na Dashboard β Domain β iTuvatuva, gusunaka na toggle, digia e dua na cadence:
- 1 na aua β e tu ga ena palani Unlimited
- 3h, 6h, 12h, veisiga, every 2 days, weekly
Every cron tick (every 15 min) e pick up na scheduler na due schedules, claim ena optimistic compare-and-swap ena next_run_at (me kua ni double-enqueue e rua na crons), increment nomu scan-usage counter, ka enqueue e dua na passive scan vou. E inherit na scan na nomu domain-verification attestation β sega ni gadrevi mo re-attest per run β o koya mo disable na schedule me revoke.
On completion, e lako yani na scan-completed email ena scheduled_scan_email preference (manage ena Account β Settings).
Live threat detection bula Unlimited+
Na palani Unlimited e qaqaravi vakatabakidua na veidomain vakadinadinataki ena tolu na ivakaraitaki ena maliwa ni vakaraici e tuvanaki:
- Certificate transparency β every 30 minutes keitou query crt.sh me baleta na certs vou e contain nomu hostname se dua na subdomain. New certs e fire e dua na
new_certificatealert. - DNS diff β every 30 minutes keitou resolve A, AAAA, MX, TXT, NS, CNAME ka compare kei na last snapshot. Changes e fire e dua na
dns_changealert. - Threat-intel β every hour keitou check Spamhaus DBL kei URLhaus me baleta na listings ni apex hostname. Listings e fire e dua na
threat_intel_listingalert.
Alerts e dedupe ena content-hash signature me kua ni re-fire ni re-detect na same change. View / dismiss alerts ena Dashboard β Domains β [domain] β Monitor. Email notifications e follow na threat_alert_email pref.
Maroroi ni snapshot
Monitor snapshots e auto-prune after 7 days, except na most recent baseline per (domain, signal-type) pair β e tiko ga o ya regardless of age me dodonu kina na next diff. Dismissed alerts e purge after 90 days.
Trigger mai API se MCP
Domain management e UI-only ena gauna oqo β sega na API surface me baleta verification se schedule changes. Me start e dua na scan ki na already-verified domain via API, vakayagataka POST /api/v1/scans:
curl -X POST https://fixweb.app/api/v1/scans \
-H "Authorization: Bearer fxw_..." \
-H "content-type: application/json" \
-d '{"target":"https://example.com"}'