Skip to content

Screenshot History

The Screenshot History panel provides an index of archived website screenshots for a domain, showing visual changes over time. Browse through historical captures to understand how a website has evolved.

What's included

The Screenshot History panel displays:

  • Screenshot index: Dates when screenshots were captured
  • Current screenshot: Most recent website capture
  • Historical screenshots: Previous captures with timestamps
  • Navigation controls: Browse through screenshot history

View screenshots

Current screenshot

By default, the panel displays the most recent screenshot captured for the domain.

Historical screenshots

When multiple historical screenshots are available:

  1. Use the < or > navigation controls.
  2. Browse through screenshots chronologically.
  3. View the capture date for each screenshot.

Request new screenshots

If Screenshot History is empty or outdated, request a new screenshot:

  1. Navigate to the Screenshot History panel.
  2. Select the Update Content button.
  3. The web crawler queues the domain for screenshot capture.

Screenshots are typically available:

  • Within 5 minutes for most domains
  • Up to 24 hours in some cases

Screenshot collection

DomainTools captures screenshots as part of web crawler operations:

Automatic collection:

  • Upon first discovery of a domain
  • Every 3 months for domains with risk scores of 70 or higher
  • Daily for domains watched in Iris Detect

Manual collection:

  • Via the Update Content button in Screenshot History
  • Via the Update Content button in Domain Profile

Use cases

Track website changes

Monitor visual evolution of websites:

  • Content updates
  • Design changes
  • Branding modifications
  • Functionality changes

Investigate suspicious activity

Identify patterns indicating malicious use:

  • Rapid content changes
  • Phishing page deployment
  • Brand impersonation
  • Parked domain transitions

Verify legitimacy

Confirm website authenticity:

  • Consistent branding over time
  • Professional design
  • Appropriate content
  • Expected functionality

Document campaigns

Track threat campaign lifecycle:

  • Initial deployment
  • Active period
  • Takedown or modification
  • Post-takedown state

Best practices

Efficient analysis

  1. Start with current: Review the most recent screenshot.
  2. Compare with historical: Identify significant changes.
  3. Note dates: Correlate changes with other intelligence.
  4. Cross-reference: Compare with Domain History and WHOIS History.

Investigation workflow

  1. Review Domain Profile: Get overview including current screenshot.
  2. Open Screenshot History: Examine visual timeline.
  3. Identify changes: Note significant modifications.
  4. Correlate with data: Compare with DNS, WHOIS, SSL changes.
  5. Document findings: Capture key observations.

What to look for

Legitimate patterns:

  • Gradual, planned design updates
  • Consistent branding
  • Professional appearance
  • Appropriate content for domain purpose

Suspicious patterns:

  • Rapid, frequent changes
  • Phishing or impersonation content
  • Parked domain pages
  • Malicious redirects
  • Content mismatched with registration

Limitations

  • Screenshot availability depends on web crawler access
  • Some domains may not be accessible for screenshot capture
  • Historical screenshot coverage varies by domain
  • Screenshots show only the landing page, not full site

See also