FixWeb

// docs / domains

Ngaahi domain

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Verify ha domain

Add ha hostname 'i Dashboard → Domains. Fili ha verification method 'e taha mei he ua:

  • DNS TXT — add ha record 'i _fixweb.<hostname> mo e token 'oku mau generate. 'Oku mau re-resolve ia mei he'emau server, 'ikai ko ho'o server, ke 'oua na'a fakafe'atungia 'e SPF / DMARC settings. Typical propagation: 1-5 minutes; 'oku mau re-check every 30 seconds for 10 minutes.
  • HTTP file — host ha text file si'isi'i 'i /.well-known/fixweb-verification.txt mo e token. 'Oku mau fetch over HTTPS 'i he SSRF-guarded request path.

Verifications 'oku re-checked daily 'e he domain-reverify cron. Kapau 'oku ta'ofi 'e ha previously-verified domain hono resolve e token (e.g. na'a ke to'o e DNS record), 'oku revoked e verification pea active scans ki ai 'oku drop back ki verify_required kae'oua ke ke re-add.

Ngaahi scheduled re-scan Pro+

Ko e palani Pro ʻoku ne lava ke toe siva ha domain kuo fakapapauʻi ʻi he ngāue ≥3h; ko e palani Unlimited ʻi he ≥1h. Tatala ʻa e Pulonga → Domain → Tuʻutuʻuni, fakaʻai ʻa e toggle, fili ha founga:

  • 1 houa — ʻoku maʻu pē ʻi he palani Unlimited
  • 3h, 6h, 12h, faka'aho, every 2 days, weekly

Every cron tick (every 15 min) 'oku pick up 'e he scheduler e due schedules, claim 'aki optimistic compare-and-swap 'i next_run_at (ke 'oua 'e double-enqueue 'e crons 'e ua), increment ho'o scan-usage counter, pea enqueue ha passive scan fo'ou. 'Oku inherit 'e he scan ho'o domain-verification attestation — 'ikai fiema'u re-attest per run — ko ia disable e schedule ke revoke.

On completion, 'oku alu atu e scan-completed email 'aki e scheduled_scan_email preference (manage 'i Account → Settings).

Live threat detection mo'ui Unlimited+

Ko e palani Unlimited ʻoku ne tokangaʻi fakaautomesí ʻa e domain kuo fakapapauʻi taki taha ki ha ngaahi fakaʻilonga ʻe tolu ʻi he vahaʻa ʻo e ngaahi siva kuo fokotuʻutuʻu:

  • Certificate transparency — every 30 minutes 'oku mau query crt.sh ma'a certs fo'ou 'oku contain ho'o hostname pe ha subdomain. New certs fire ha new_certificate alert.
  • DNS diff — every 30 minutes 'oku mau resolve A, AAAA, MX, TXT, NS, CNAME pea compare ki he last snapshot. Changes fire ha dns_change alert.
  • Threat-intel — every hour 'oku mau check Spamhaus DBL mo URLhaus ma'a listings 'o e apex hostname. Listings fire ha threat_intel_listing alert.

Alerts 'oku dedupe 'i content-hash signature ke 'oua na'a toe fire 'a e same change. View / dismiss alerts 'i Dashboard → Domains → [domain] → Monitor. Email notifications follow e threat_alert_email pref.

Tauhi snapshot

Monitor snapshots auto-prune after 7 days, except e most recent baseline per (domain, signal-type) pair — 'oku nofo ia regardless of age ke tonu e next diff. Dismissed alerts purge after 90 days.

Trigger mei API pe MCP

Domain management 'oku UI-only lolotonga — 'ikai ha API surface ma'a verification pe schedule changes. Ke start ha scan ki ha already-verified domain via API, ngaue'aki POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Ngaahi domain — Docs · FixWeb