A domain in your alerts, paypal.com, suspected in a phishing wave, looks benign at first glance. But has its landing page subtly shifted to include malicious links, or was it cloned from a legit site? Static scans miss these evolutions; chasing historical visuals across tools scatters your focus.
The Silent Push Screenshots view in Total View builds a visual history of a domain’s web presence, capturing up to 10 of the most recent snapshots over time to track structural and content changes. It helps spot gradual compromises or verify authenticity without external searches, with a Load More option at the bottom for deeper history and click-to-enlarge previews for details.
Available for Domains and IPv4, the Screenshots view leverages Silent Push’s scan archives, complementing Web Search for content hashes and PADNS for resolution ties.
Web visuals evolve with threats, phishers tweak layouts, attackers add payloads, but disjointed archives hide the story. It provides a timeline of snapshots, revealing changes such as new buttons or altered branding that signal incidents.
Defenders verify legitimacy by comparing past cards to current states, which is essential for high-profile domains; investigators pinpoint compromise dates for forensic analysis. It supports compliance audits with a documented visual record, streamlining from anomaly spotting to escalation.
How It Wworks
Silent Push’s scanning engine captures and timestamps screenshots in-house, creating a self-sourced timeline without third-party limits. The initial load shows up to 10 recent cards; Load More fetches older ones. Cards display dated visuals, with clicks enlarging for previews and hovers providing metadata such as resolution or scan source.
Basic Raw Data mode reveals unprocessed details (e.g., full timestamps) for audits. It correlates with other views; a layout shift here might be tied to Web Search headers, flagging TTPs like kit reuse.
Generate a Set of Results
Input a domain (e.g., paypal.com) in the search bar to open Total View, and click Screenshots. Timeline cards load chronologically (up to 10 recent); filter by date or subdomain, toggle Domain Wide View for expansions. Use the Load More button at the bottom for more history.
Example
Query paypal.com in Screenshots: Cards display recent snapshots, such as one from 2025-04-04 UTC 05:44:00 (payment prompt page) and another from 2025-03-17 UTC 03:17 (send/receive interface). Pink dots mark timeline points; click a card to enlarge the preview.
Historical Screenshots
Track changes: Reviewing past screenshots reveals alterations in web design or content, helping detect gradual attacks.
Verify legitimacy: Comparing historical visuals with the current state ensures the site matches its official appearance, critical for a high-profile domain.
Investigate incidents: Pinpoints when a domain was compromised, aiding forensic analysis.
Compliance and auditing: Provides a visual record for regulatory compliance or internal audits, documenting a domain’s state over time.
Work with the Screenshots Results
The Screenshots view supports direct actions, such as copying metadata, customizing columns (e.g., adding scan dates), or downloading images/CSVs for reports. Save to a Feed or Draft Feed to monitor visual drifts.
Tips
Spot anomalies: Examine cards for visual differences (e.g., new links, altered layouts) across screenshots; click to enlarge for closer inspection.
Cross-check: Pair with Web Search or PADNS to correlate visual changes with ownership or DNS updates; use Load More for extended history.