About

About ThreatScope Check

ThreatScope Check is a lightweight public trust-signal triage tool for reading selected domain-layer signals from the outside.

What ThreatScope Check is for

ThreatScope Check helps governance, risk, digital trust and technical readers inspect selected public signals for one domain at one point in time.

It focuses on externally visible DNS, mail, web delivery, certificate-surface and registration signals. These signals do not tell the whole story, but they can make a domain’s public trust posture easier to inspect and discuss.

How to read a result

Start with the snapshot

The Summary tab gives a plain-English overview, priority observations and next steps worth considering.

Check the evidence

Findings should be read alongside the visible evidence, source diagnostics, coverage information, confidence level and limitations. Each surface notes whether a signal was observed, authoritatively absent, or simply unavailable at scan time - an unavailable source is a limit of visibility, not a mark against the domain.

Keep scope narrow

The service does not log in, probe internal systems, verify internal controls or provide assurance.

Use support for edge cases

Unexpected results can be raised through the ThreatScope Check area in the Vigo Support Centre. Source diagnostics help distinguish unavailable evidence from negative posture.

Public signals, clear limits

Results are deliberately plain-English, evidence-led and limitation-aware. They help frame better follow-up questions without creating scores, ratings, certification claims or safety guarantees.

ThreatScope Check works from observable public evidence. It does not rely on privileged access, and it should not be treated as a replacement for technical review or formal assurance.

.au and related work

ThreatScope Check is built with .au context in mind, but it is not limited to .au domains. It provides a point-in-time reading for one domain.

Related work through .auDO observes public signals across a curated .au panel over time. ThreatScope Check does not use .auDO data to produce results.

ThreatScope Check surfaces public domain-layer signals. It does not determine whether an organisation is well governed. For a practical governance conversation, the Domain Governance Baseline provides a separate self-assessment around ownership, accountability and visible public signals.