FixWeb

// docs / domains

Domain-नामानि

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Verifying a domain

Add a hostname at Dashboard → Domain-नामानि. Pick one of two verification methods:

  • DNS TXT — add a record at _fixweb.<hostname> सह तत् token वयम् generate. We re-resolve it तः our server, not yours, so SPF / DMARC settings don't interfere. Typical propagation: 1-5 minutes; वयम् re-check प्रत्येकम् 30 seconds कृते 10 minutes.
  • HTTP file — host a small text file at /.well-known/fixweb-verification.txt सह तत् token. We fetch over HTTPS via तत् SSRF-guarded request path.

Verifications सन्ति re-checked daily by तत् domain-reverify cron. If a previously-verified domain stops resolving तत् token (e.g. त्वम् removed तत् DNS record), तत् verification अस्ति revoked च active scans against it drop back प्रति verify_required until त्वम् re-add it.

Scheduled re-scans Pro+

Pro योजना सत्यापित-domain ≥3h-कालान्तरे पुनः-स्कैन् कर्तुं शक्नोति; Unlimited योजना ≥1h-कालान्तरे। Dashboard → Domains → Schedule उद्घाटयतु, toggle प्रवर्तयतु, कालान्तरं चिनुत:

  • 1 घण्टा — केवलम् Unlimited योजनायाम् उपलब्धम्
  • 3h, 6h, 12h, daily, प्रत्येकम् 2 days, weekly

Every cron tick (प्रत्येकम् 15 min) तत् scheduler picks up due schedules, claims them via an optimistic compare-च-swap on next_run_at (so two crons शक्नोति't double-enqueue), increments तव scan-usage counter, च enqueues a fresh passive scan. The scan inherits तव domain-verification attestation — त्वम् don't re-attest per run — so disable तत् schedule प्रति revoke.

On completion, तत् scan-completed email goes out using तत् scheduled_scan_email preference (manage at Account → Settings).

Live threat detection Unlimited+

Unlimited योजना समय-निर्धारित-स्कैन्-योः मध्ये प्रत्येकं सत्यापित-domain त्रीणि सङ्केतान् प्रति स्वयमेव अवलोकयति:

  • Certificate transparency — प्रत्येकम् 30 minutes वयम् query crt.sh कृते नूतनम् certs containing तव hostname वा any subdomain. New certs fire a new_certificate alert.
  • DNS diff — प्रत्येकम् 30 minutes वयम् resolve A, AAAA, MX, TXT, NS, CNAME च compare against तत् last snapshot. Changes fire a dns_change alert.
  • Threat-intel — प्रत्येकम् hour वयम् check Spamhaus DBL च URLhaus कृते listings of तत् apex hostname. Listings fire a threat_intel_listing alert.

Alerts dedupe on a content-hash signature so re-detecting तत् same change doesn't re-fire. View / dismiss alerts at Dashboard → Domain-नामानि → [domain] → Monitor. Email notifications follow तत् threat_alert_email pref.

Snapshot retention

Monitor snapshots auto-prune after 7 days, except तत् most recent baseline per (domain, signal-type) pair — that one stays regardless of age so तत् next diff अस्ति correct. Dismissed alerts purge after 90 days.

Trigger तः API वा MCP

Domain management अस्ति currently UI-only — न API surface कृते verification वा schedule changes. To start a scan against an already-verified domain via API, use POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Domain-नामानि — Docs · FixWeb