AURiX · SWEET

Receipt — Evidence of Page Behavior

A tamper-evident record of what a web page did, captured at the moment you were there.
Site: checkout.example-store.com
Page: https://checkout.example-store.com/cart
Captured: 2026-07-10T18:42:11-07:00  ·  window 2026-07-10T18:41:55 → 18:42:11 (16s)
Observer: AURiX SWEET v0.4.1 — glass engine (US Prov. 64/108,926, patent pending)
#ReadingWhat was observed (plain fact)Seen
1 AMBER
pre-checked cost box
This box arrived already checked — you did not check it. Opts you into: "Add PriorityCare protection — $4.99/mo, billed monthly". 18:41:58
2 AMBER
fake countdown
A script on this page is changing this timer (ticked 9 times since you arrived). A real deadline behind it cannot be verified from your browser. 18:42:03
3 AMBER
cost drift
This amount read $9.99 when the page loaded; now reads $16.98. 18:42:07
4 RED
cross-domain tracker submit
This form sends what you enter to google-analytics.com, a different domain than the site you are on (checkout.example-store.com). A known tracking domain. 18:42:09
5 AMBER
hidden decline
This "no thanks" is clickable but rendered with 26% opacity and 9px text, while the button beside it is not. 18:42:10
A reading of observable page mechanisms at the time of capture. Not a verdict on any party's intent. Verify independently.
Integrity — SHA-256 of the evidence payload
5445a65012d767461dd1e7e0ecff7ff58a57e4d3e5e294e6e3b473789736614d
Signature — Ed25519 (signed with the holder's AURiX key)
<your AUDiT signature here — this sample is unsigned; the paid tool signs with your key so any tamper breaks the seal>
Generated by AURiX SWEET. The reading names observable mechanisms, never a verdict on intent. Anyone can recompute the SHA-256 over the payload to confirm nothing was altered; the Ed25519 signature binds it to the holder. Detection method: U.S. Provisional 64/108,926 (patent pending). SWEET the glass is free. This Receipt is the keepable proof.