Validation of a network operation related to use of a token via token-request-triggered storage of snapshot URL data

What is claimed is: 1. A system for using screenshot-derived uniform resource locator (URL) data to perform validation of network operations, the system comprising: one or more processors and non-transitory, computer-readable media storing instructions that, when executed by the one or more processors, cause operations comprising: detecting a token request from a user device of a user, wherein the user device is configured to collect user interface screenshots in a buffer at the user device, wherein the buffer is configured to discard collected user interface screenshots after a threshold amount of time, wherein the token request comprises a request for a first entity-restricted token associated with (i) a first entity and (ii) the user; storing, based on the detection of the token request, first screenshot-derived data in a database in association with the first entity-restricted token, the first screenshot-derived data comprising first screenshot-derived uniform resource locators (URLs) and first timestamps associated with the first screenshot-derived URLs, the first screenshot-derived URLs being extracted from a set of user interface screenshots that was in the buffer at a time of the token request; after the storage of the first screenshot-derived data, obtaining a description of a temporary authorization for a network operation involving use of the first entity-restricted token; and in response to a first validation pass using the description of the temporary authorization indicating that the network operation is invalid, performing a second validation pass by: querying the database for screenshot-derived data that matches (i) the first entity-restricted token and (ii) a time of the temporary authorization; providing a first indication that the network operation is valid in response to a determination that (i) the query returned the first screenshot-derived data and (ii) at least one URL portion of the first screenshot-derived data matches the first entity associated with the first entity-restricted token; and providing a second indication that the network operation is invalid in response to the query failing to return matching screenshot-derived data. 2. The system of claim 1 , wherein providing the first indication comprises providing the first indication that the network operation is valid in response to a determination that (i) the query returned the first screenshot-derived data, (ii) the at least one URL portion of the first screenshot-derived data matches the first entity associated with the first entity-restricted token, and (iii) the at least one URL portion of the first screenshot-derived data matches a second entity indicated in the description of the temporary authorization, the second entity being different from the first entity. 3. A method comprising: detecting a token request from a user device, wherein the user device is configured to collect user interface screenshots in a buffer and discard the user interface screenshots after a first threshold amount of time, wherein the token request comprises a request for a first entity-restricted token associated with a first entity; storing, based on the detection of the token request, first screenshot data in a database in association with the first entity-restricted token, the first screenshot data comprising first uniform resource locator (URL) data and first timestamps associated with the first URL data, the first URL data being extracted from a set of screenshots, in the buffer, of a user interface of the user device collected at a time of the token request; after the storage of the first screenshot data, obtaining a first network request for a first network operation involving use of the first entity-restricted token; performing a first query of the database for screenshot data based on (i) the first entity-restricted token and (ii) a time of the first network request; and providing a first indication that the first network operation is valid based on (i) the first query returning the first screenshot data and (ii) the first URL data of the first screenshot data matching the first entity associated with the first entity-restricted token. 4. The method of claim 3 , further comprising: after the storage of the first screenshot data, obtaining a second network request for a second network operation involving use of the first entity-restricted token; performing a second query of the database for screenshot data based on (i) the first entity-restricted token and (ii) a time of the second network request; and providing a second indication that the second network operation is invalid based on the second query failing to return matching screenshot data. 5. The method of claim 3 , wherein providing the first indication that the first network operation is valid comprises providing the first indication that the first network operation is valid based on (i) the first query returning the first screenshot data, (ii) the first URL data of the first screenshot data matching the first entity associated with the first entity-restricted token, and (iii) the first URL data matching a second entity indicated in the first network request, the second entity being different from the first entity. 6. The method of claim 3 , further comprising: in connection with the use of the first entity-restricted token, storing second screenshot data associated with a user of the user device in the database in association with the first entity-restricted token, the second screenshot data comprising second uniform resource locator (URL) data and second timestamps associated with the second URL data, the second URL data being extracted from a second set of screenshots of the user interface of the user device collected at the time of the token request; after the storage of the second screenshot data, obtaining a second network request for a second network operation involving use of the first entity-restricted token; performing a second query of the database for the second screenshot data based on the second network request; and providing a second indication that the second network request is invalid based on a determination that (i) the second query returned the second screenshot data and (ii) the second URL data of the second screenshot data corresponds to known malicious URL data. 7. The method of claim 3 , wherein providing the first indication that the first network operation is valid further comprises: retrieving, from the database, a first timestamp associated with the first URL data; determining whether the first timestamp associated with the first URL data is within a second threshold amount of time of the time of the first network request; and in response to the first timestamp associated with the first URL data is within the second threshold amount of time of the time of the first network request, providing the first indication that the first network operation is valid, wherein it is determined that the first URL data is within the second threshold amount of time of the time of the first network request. 8. The method of claim 3 , wherein providing the first indication that the first network operation is valid further comprises: detecting, via the first screenshot data, one or more first values associated with the first screenshot data; obtaining, based on the first network request, first network request data comprising a description of the first network request; determining, based on the first network request data, one or more second values associated with the description of the first network request; comparing the one or more first values to the one or more second values to determine a match between the one or more first values and the one or more second values; and validating the first net