FixWeb

// docs / domains

Dominiokuna

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Verifying a dominio

Add a hostname at Dashboard → Dominiokuna. Pick one of two verification methods:

  • DNS TXT — add a record at _fixweb.<hostname> wan chay token ñuqayku generate. We re-resolve it manta our server, not yours, so SPF / DMARC settings don't interfere. Typical propagation: 1-5 minutes; ñuqayku re-check sapa 30 seconds paq 10 minutes.
  • HTTP file — host a small text file at /.well-known/fixweb-verification.txt wan chay token. We fetch over HTTPS via chay SSRF-guarded mañakuy path.

Verifications kanku re-checked daily by chay domain-reverify cron. If a previously-verified dominio stops resolving chay token (e.g. qan removed chay DNS record), chay verification kan revoked hinallataq active qhawaykuna against it drop back man verify_required until qan re-add it.

Scheduled re-qhawaykuna Pro+

Pro planqa verifikasqa dominiota ≥3h kadenciapi watiqmanta escaneayta atin; Unlimited planqa ≥1hpi. Dashboard → Dominiokuna → Plan kichay, toggleta kachay, cadenciata akllay:

  • 1 hora — Unlimited planpi sapallam tarikun
  • 3h, 6h, 12h, daily, sapa 2 days, weekly

Every cron tick (sapa 15 min) chay scheduler picks up due schedules, claims them via an optimistic compare-hinallataq-swap on next_run_at (so two crons atin't double-enqueue), increments niyki qhaway-usage counter, hinallataq enqueues a fresh passive qhaway. The qhaway inherits niyki dominio-verification attestation — qan don't re-attest per run — so disable chay schedule man revoke.

On completion, chay qhaway-completed email goes out using chay scheduled_scan_email preference (manage at Account → Settings).

Live threat detection Unlimited+

Unlimited planqa sapallan qhawan sapa verifikasqa dominiota kinsa señaltaq plan escaneokuna chawpinpi:

  • Certificate transparency — sapa 30 minutes ñuqayku query crt.sh paq musuq certs containing niyki hostname utaq any subdomain. New certs fire a new_certificate willay.
  • DNS diff — sapa 30 minutes ñuqayku resolve A, AAAA, MX, TXT, NS, CNAME hinallataq compare against chay last snapshot. Changes fire a dns_change willay.
  • Threat-intel — sapa hour ñuqayku check Spamhaus DBL hinallataq URLhaus paq listings of chay apex hostname. Listings fire a threat_intel_listing willay.

Alerts dedupe on a content-hash signature so re-detecting chay same change doesn't re-fire. View / dismiss willaykuna at Dashboard → Dominiokuna → [dominio] → Monitor. Email notifications follow chay threat_alert_email pref.

Snapshot retention

Monitor snapshots auto-prune after 7 days, except chay most recent baseline per (dominio, signal-type) pair — that one stays regardless of age so chay next diff kan correct. Dismissed willaykuna purge after 90 days.

Trigger manta API utaq MCP

Domain management kan currently UI-only — mana API surface paq verification utaq schedule changes. To start a qhaway against an already-verified dominio via API, use POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Dominiokuna — Docs · FixWeb