// docs / domains

Domains

A domain is a verified hostname you own. Verifying once unlocks active probes, scheduled re-scans, and live threat monitoring on that hostname.

Verifying a domain

Add a hostname at Dashboard → Domains. Pick one of two verification methods:

DNS TXT — add a record at _fixvibe.<hostname> with the token we generate. We re-resolve it from our server, not yours, so SPF / DMARC settings don't interfere. Typical propagation: 1-5 minutes; we re-check every 30 seconds for 10 minutes.
HTTP file — host a small text file at /.well-known/fixvibe-verification.txt with the token. FixVibe checks it over HTTPS before enabling domain-gated features.

Verifications are re-checked daily by the domain-reverify cron. If a previously-verified domain stops resolving the token (e.g. you removed the DNS record), the verification is revoked and active scans against it drop back to verify_required until you re-add it.

Scheduled re-scans Pro+

The Pro plan can re-scan a verified domain at ≥3h cadence; the Unlimited plan at ≥6h. Open Dashboard → Domains → Schedule, enable the toggle, pick a cadence:

3 hours — available on Pro
6h, 12h, daily, every 2 days, weekly — available on Pro and Unlimited

When a scheduled run is due, FixVibe queues a fresh scan for the verified domain and records the run. The scan inherits your domain authorization until you disable the schedule or revoke active authorization.

On completion, the scan-completed email goes out using the scheduled_scan_email preference (manage at Account → Settings).

Live threat detection Unlimited+

The Unlimited plan automatically watches every verified domain for three signals between scheduled scans:

Certificate transparency — every 30 minutes we query crt.sh for new certs containing your hostname or any subdomain. New certs fire a new_certificate alert.
DNS diff — every 30 minutes we resolve A, AAAA, MX, TXT, NS, CNAME and compare against the last snapshot. Changes fire a dns_change alert.
Threat-intel — every hour we check Spamhaus DBL and URLhaus for listings of the apex hostname. Listings fire a threat_intel_listing alert.

View and dismiss alerts at Dashboard → Domains → [domain] → Monitor. Email notifications follow the threat_alert_email preference.

Snapshot retention

Monitor snapshots auto-prune after 7 days, except the most recent baseline per (domain, signal-type) pair — that one stays regardless of age so the next diff is correct. Dismissed alerts purge after 90 days.

Trigger from API or MCP

Domain management remains dashboard-only for launch. After a domain is verified and explicitly authorized, REST API and MCP can start scans against it according to your plan:

curl

curl -X POST https://fixvibe.app/api/v1/scans \
  -H "Authorization: Bearer fxv_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'