Snapshot provenance
Snapshot provenance explains when .auDO observed a domain, which collection source path was used, and what raw public evidence was preserved.
Observed evidence
Observed by .auDO
These fields describe the public evidence .auDO records for this signal where available.
Interpretation
How to read this signal
This signal is useful as public evidence of visible posture or change, not as a conclusion on its own.
Why it matters
Provenance helps readers understand the evidence trail behind an observation. It connects point-in-time metadata, source availability, fallback context and preserved public responses so changes can be reviewed without treating them as conclusions.
What change may indicate
A provenance change may indicate a new collection run, temporary source unavailability, fallback collection, source representation differences, DNS answer rotation, redaction changes or normal evidence refresh.
Limits
What it cannot tell us
Provenance records the collection context and evidence available to .auDO at the time. It cannot prove a source was complete in every case, and it cannot prove risk, safety, intent, compromise, negligence or private operational state.
Observations are descriptive records, not risk scores, allegations or evidence of compromise.
Observed patterns
Common observations
Report surface
Where it appears
This signal can appear in daily reports, the observation panel, methodology notes, derived report artefacts and preserved raw snapshot evidence when the relevant fields are present.
Nearby signals
Related signals
Use alongside
Explore this signal in context
Provenance signals are most useful when read alongside reports, methodology notes and the observation panel.