By any chance, do you know what's the legal status of, say, shodan.io in US?
If the screenshots weren't reviewed - or, worse, hand-picked - by a human, but fetched in completely automated and unsupervised manner, then it's essentially the same as any other crawler bot (like Shodan or even Google/Bing) does. Connecting to random public services running on globally-routeable addresses and politely asking them what they do (then storing the result) can be argued to be perfectly legal.
The technical details don't much matter. What matters is what the users do with it, and whether their uses can be shown, by a prosecutor, to represent the kind of access that a reasonable person looking at the same computer system would know was not authorized.
If the screenshots weren't reviewed - or, worse, hand-picked - by a human, but fetched in completely automated and unsupervised manner, then it's essentially the same as any other crawler bot (like Shodan or even Google/Bing) does. Connecting to random public services running on globally-routeable addresses and politely asking them what they do (then storing the result) can be argued to be perfectly legal.