FixWeb

// docs / domains

Domene

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Faamaonia se domain

Faaopoopo se hostname i Dashboard → Domains. Filifili se tasi o verification methods e lua:

  • DNS TXT — faaopoopo se record i _fixweb.<hostname> ma le token matou te generate. Matou te re-resolve mai la matou server, e le o lau server, ina ia le faalavelave SPF / DMARC settings. Typical propagation: 1-5 minutes; matou te re-check every 30 seconds for 10 minutes.
  • HTTP file — host se text file laitiiti i /.well-known/fixweb-verification.txt ma le token. Matou te fetch over HTTPS e ala i le SSRF-guarded request path.

Verifications e re-checked daily e le domain-reverify cron. Afai e taofi se previously-verified domain mai le resolving o le token (e.g. na e aveese le DNS record), e revoked le verification ma toe foi active scans faasaga i ai i verify_required seia e re-add.

Toe-skani fa'atulagaina Pro+

Ole polokalama Pro e mafai ona toe sikani se domain ua faʻamaonia i le saoasaoa ≥3h; le polokalama Unlimited i le ≥1h. Tatala le Dashboard → Domain → Faasologa, faʻagaoioi le toggle, filifili se saoasaoa:

  • 1 itula — e maua i le polokalama Unlimited
  • 3h, 6h, 12h, daily, every 2 days, weekly

I cron tick taitasi (every 15 min) e pick up e le scheduler schedules ua due, claim e ala i optimistic compare-and-swap i next_run_at (ina ia le double-enqueue e crons e lua), increment lau scan-usage counter, ma enqueue se passive scan fou. E inherit e le scan lau domain-verification attestation — e te le re-attest i run taitasi — o lea disable le schedule e revoke.

Pe a completion, e alu atu le scan-completed email e faaaoga le scheduled_scan_email preference (manage i Account → Settings).

Mata'ituina o lamatiaga ola Unlimited+

Ole polokalama Unlimited e otometi va'ai i so'o se domain ua faʻamaonia mo ni faʻailoga e tolu i le va o sikani ua fuafuaina:

  • Certificate transparency — every 30 minutes matou te query crt.sh mo certs fou o loo iai lau hostname po o so o se subdomain. New certs e fire se new_certificate alert.
  • DNS diff — every 30 minutes matou te resolve A, AAAA, MX, TXT, NS, CNAME ma compare i le last snapshot. Changes e fire se dns_change alert.
  • Threat-intel — every hour matou te check Spamhaus DBL ma URLhaus mo listings o le apex hostname. Listings e fire se threat_intel_listing alert.

Alerts e dedupe i content-hash signature ina ia le toe fire pe a re-detect le same change. View / dismiss alerts i Dashboard → Domains → [domain] → Monitor. Email notifications e follow le threat_alert_email pref.

Snapshot retention

Monitor snapshots e auto-prune pe a uma 7 days, vagana le most recent baseline mo le pair (domain, signal-type) — e nofo pea lena tusa lava po o le age ina ia sao le next diff. Dismissed alerts e purge pe a uma 90 days.

Trigger mai API po o MCP

Domain management e UI-only i le taimi nei — e leai se API surface mo verification po o schedule changes. Ina ia start se scan faasaga i se already-verified domain via API, faaaoga POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Domene — Docs · FixWeb