From the URL alone, pictrs might be referring to https://lib.rs/crates/pict-rs. I’ve seen talk about pict-rs being used as the image backend in Lemmy as found here. When I inspect the thumbnails of posts on lemmy.sdf.org the URLs are in a similar format. I think its picking up links to images on other instances.

I checked my logger and got a red hit for https://startrek.website/pictrs/image/3b51f06d-2714-4fac-8a90-79f5f1397c7d.png?format=webp&thumbnail=96 and while it looks concerning, the column with the rule says /^https?:\/\/[0-9a-z]{5,}\.(digital|website|life|guru|space)\/[a-z0-9]{6,}\//$xhr,3p,from=~127.0.0.1|~bitrix24.life|~ccc.ac|~jacksonchen666.com|~lemmy.world|~localhost|~mempool.space|~scribble.ninja|~scribble.website|~spacepub.space|~traineast.co.uk so it was just a pattern match on a bunch of domain TLDs commonly used for scams or ads. With the recent increase in Lemmy’s popularity, server owners are buying up cheap domains that fall within those TLDs and you’re likely to be seeing one of those.