A domain in your alerts, paypal.com, suspected in a phishing wave, looks benign at first glance. But has its landing page subtly shifted to include malicious links, or was it cloned from a legit site? Static scans miss these evolutions; chasing historical visuals across tools scatters your focus.
The Silent Push Screenshots tab builds a visual history of a domain’s web presence in Total View, capturing up to 10 of the most recent snapshots over time to track structural and content changes. It aids in spotting gradual compromises or verifying authenticity without external hunts, with a Load More option at the bottom for deeper history and click-to-enlarge previews for details.
Available for Domains and IPv4, this tab leverages Silent Push’s scan archives, complementing Web Search for content hashes and PADNS for resolution ties.
Why is it useful?
Web visuals evolve with threats, phishers tweak layouts, attackers add payloads, but disjointed archives hide the story. This tab provides a timeline of snapshots, revealing changes such as new buttons or altered branding that signal incidents.
Defenders verify legitimacy by comparing past cards to current states, essential for high-profile domains; investigators pinpoint compromise dates for forensics. It supports compliance audits with a documented visual record, streamlining from anomaly spotting to escalation.
How does it work?
Silent Push’s scanning engine captures and timestamps screenshots in-house, creating a self-sourced timeline without third-party limits. The initial load shows up to 10 recent cards; Load More fetches older ones. Cards display dated visuals, with clicks enlarging for previews and hovers for metadata like resolution or scan source.
Basic Raw Data mode reveals unprocessed details (e.g., full timestamps) for audits. It correlates with other tabs; a layout shift here might be tied to Web Search headers, flagging TTPs like kit reuse.
Generate a set of results
Input a domain (e.g., paypal.com) in the search bar to open Total View, and click the Screenshots tab. Timeline cards load chronologically (up to 10 recent); filter by date or subdomain, toggle Domain Wide View for expansions. Use "Load More" at the bottom for additional history.
Example
Query paypal.com in Screenshots: Cards display recent snapshots, such as one from 2025-04-04 UTC 05:44:00 (payment prompt page) and another from 2025-03-17 UTC 03:17 (send/receive interface). Pink dots mark timeline points; click a card to enlarge the preview.
Historical Screenshots
Track changes: Reviewing past screenshots reveals alterations in web design or content, helping detect gradual attacks.
Verify legitimacy: Comparing historical visuals with the current state ensures the site matches its official appearance, critical for a high-profile domain.
Investigate incidents: Pinpoints when a domain was compromised, aiding forensic analysis.
Compliance and auditing: Provides a visual record for regulatory compliance or internal audits, documenting a domain’s state over time.
Work with the Screenshots results
The tab supports direct actions, such as copying metadata, customizing columns (e.g., adding scan dates), or downloading images/CSVs for reports. Save to a Feed or Draft Feed to monitor visual drifts.
Tips
Spot anomalies: Examine cards for visual differences (e.g., new links, altered layouts) across screenshots; click to enlarge for closer inspection.
Cross-check: Pair with Web Search or PADNS to correlate visual changes with ownership or DNS updates; use Load More for extended history.