The July 14 service alert attributed severe slowness to high network traffic and described vendor stabilization and request limits.

The public captures establish the interface state visible at the recorded times. They do not identify a human actor or prove backend causation by themselves.

That is why the preservation demands target access logs, WAF and CDN records, database and application logs, deployment history, vendor tickets, retention actions, administrator events, and before-and-after content records.