URL: https://pics2.23d.de/
Submission Tags: phishingrod
Submission: On January 13 via api from DE — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 6 HTTP transactions. The main IP is 62.108.32.134, located in Germany, and belongs to COMTRANCE-AS, DE. The main domain is pics2.23d.de.
TLS certificate: Issued by R3 on November 14th 2023. Valid for: 3 months.
This is the only time pics2.23d.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
6 62.108.32.134 30962 (COMTRANCE-AS)
6 1

Requests Apex Domain Subdomains Transfer
6 23d.de pics2.23d.de 239 KB
6 1

Requests Domain Requested by
6 pics2.23d.de pics2.23d.de
6 1

This site contains links to these domains.

Domain
lycheeorg.github.io

Subject Issuer Validity Valid
pics2.23d.de R3 2023-11-14 - 2024-02-12 3 months

This page contains 1 frames:

Primary Page: https://pics2.23d.de/
Frame ID: E631A01947BAA7E1E137DD77E7BBD555
Requests: 6 HTTP requests in this frame

Page Title

Lychee v4 - Albums

Page Statistics

6 Requests
100 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
1 IPs
1 Countries
239 kB Transfer
941 kB Size
2 Cookies

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type

Primary Request / pics2.23d.de/ 64 KB 18 KB Document
General
Full URL
https://pics2.23d.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx / PHP/7.3.33
Resource Hash
dd5ede8854a813c053ad11ba8d5aeb6c988e6c4731967c8a064137c70ed3a428
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, must-revalidate
content-encoding
gzip
content-length
16734
content-security-policy
default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
content-type
text/html; charset=UTF-8
date
Sat, 13 Jan 2024 17:22:17 GMT
expires
-1
feature-policy
autoplay 'self'; encrypted-media 'self'; fullscreen 'self'; picture-in-picture *; speaker 'self'; sync-xhr *; vr 'self'
pragma
no-cache
referrer-policy
no-referrer
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
deny
x-permitted-cross-domain-policies
none
x-powered-by
PHP/7.3.33
x-xss-protection
1; mode=block

main.css pics2.23d.de/dist/ 93 KB 15 KB Stylesheet
General
Full URL
https://pics2.23d.de/dist/main.css?1590493985
Requested by
Host: pics2.23d.de
URL: https://pics2.23d.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx /
Resource Hash
96eca65f94c78b4a7fda36b641fe081e3bb9d823677121d66ded3bb86e8abe18

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 17:22:17 GMT
content-encoding
gzip
last-modified
Tue, 26 May 2020 11:53:05 GMT
server
nginx
etag
"1727e-5a68bbcfe4a40-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
14760

user.css pics2.23d.de/dist/ 0 121 B Stylesheet
General
Full URL
https://pics2.23d.de/dist/user.css?1590493986
Requested by
Host: pics2.23d.de
URL: https://pics2.23d.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 17:22:17 GMT
last-modified
Tue, 26 May 2020 11:53:06 GMT
server
nginx
accept-ranges
bytes
etag
"0-5a68bbd0d8c80"
content-length
0
content-type
text/css

main.js pics2.23d.de/dist/ 767 KB 198 KB Script
General
Full URL
https://pics2.23d.de/dist/main.js?1590493985
Requested by
Host: pics2.23d.de
URL: https://pics2.23d.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx /
Resource Hash
95eeba3b2fcef943e27dad2f55d745b030fa3daaf55cd34b0e16324976902994

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 17:22:17 GMT
content-encoding
gzip
last-modified
Tue, 26 May 2020 11:53:05 GMT
server
nginx
etag
"bfba4-5a68bbcfe4a40-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes

index.php pics2.23d.de/php/ 17 KB 7 KB XHR
General
Full URL
https://pics2.23d.de/php/index.php
Requested by
Host: pics2.23d.de
URL: https://pics2.23d.de/dist/main.js?1590493985
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx / PHP/7.3.33
Resource Hash
666d9a48394467c16de4859e96380b10a12ea4e7c87bf592ab72ada2fff33874
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
X-XSRF-TOKEN
eyJpdiI6InZZOWU5TWRQcFZ2bkZ5ZzByNnNhcnc9PSIsInZhbHVlIjoielV0Q2duc0tkbUluVmkvOXhJSDIyaEJmUm5kNHMybVZRbStFa25pbUVSR3BNREY0QWhOKyttUWgxVjc4RWN5dyIsIm1hYyI6IjhhNWQ1NDZlMThlMTJlNDkzODYzNTEwOWYyOTgyMjhkYWMxZGIwMmJhOWNiN2IwNDJhODRlNWMzYmIyYWNiYjQifQ
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 17:22:18 GMT
content-security-policy
default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
x-content-type-options
nosniff
content-encoding
br
x-permitted-cross-domain-policies
none
x-powered-by
PHP/7.3.33
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
server
nginx
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
cache-control
private, must-revalidate
feature-policy
autoplay 'self'; encrypted-media 'self'; fullscreen 'self'; picture-in-picture *; speaker 'self'; sync-xhr *; vr 'self'
expires
-1

Albums::get pics2.23d.de/api/ 51 B 2 KB XHR
General
Full URL
https://pics2.23d.de/api/Albums::get
Requested by
Host: pics2.23d.de
URL: https://pics2.23d.de/dist/main.js?1590493985
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.108.32.134 , Germany, ASN30962 (COMTRANCE-AS, DE),
Reverse DNS
ha01s014.org-dns.com
Software
nginx / PHP/7.3.33
Resource Hash
955c912faeae3724a1f04d0323e6dbfb43adae0f0f480c7cef92c3e0d6c3fad6
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
X-XSRF-TOKEN
eyJpdiI6IlZ0aGxCYkJQMHA5cVdDQzlSWU4ycVE9PSIsInZhbHVlIjoidktnRnVHQ0VwUW51S1kycG1EWlNDU2VlaS9Zd3BBQnZEa3poSVpwZkxhcy9DSW13QlZydFh2ZXdSVThSaTc0ayIsIm1hYyI6IjE4NTIwMmUxZTAzZDRkNDFmOTgxOGM3YmMyYmMzZTYyNzJkNTY0MmE1MzRjYjA5Yjg1ZWE2MmUxZDlkNmQ3YzkifQ
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 13 Jan 2024 17:22:18 GMT
content-security-policy
default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
x-content-type-options
nosniff
content-encoding
br
x-permitted-cross-domain-policies
none
x-powered-by
PHP/7.3.33
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
server
nginx
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
cache-control
private, must-revalidate
feature-policy
autoplay 'self'; encrypted-media 'self'; fullscreen 'self'; picture-in-picture *; speaker 'self'; sync-xhr *; vr 'self'
expires
-1

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _typeof object| _templateObject object| _templateObject2 object| _templateObject3 object| _templateObject4 object| _templateObject5 object| _templateObject6 object| _templateObject7 object| _templateObject8 object| _templateObject9 object| _templateObject10 object| _templateObject11 object| _templateObject12 object| _templateObject13 object| _templateObject14 object| _templateObject15 object| _templateObject16 object| _templateObject17 object| _templateObject18 object| _templateObject19 object| _templateObject20 object| _templateObject21 object| _templateObject22 object| _templateObject23 object| _templateObject24 object| _templateObject25 object| _templateObject26 object| _templateObject27 object| _templateObject28 object| _templateObject29 object| _templateObject30 object| _templateObject31 object| _templateObject32 object| _templateObject33 object| _templateObject34 object| _templateObject35 object| _templateObject36 object| _templateObject37 object| _templateObject38 object| _templateObject39 object| _templateObject40 object| _templateObject41 object| _templateObject42 object| _templateObject43 object| _templateObject44 object| _templateObject45 object| _templateObject46 object| _templateObject47 object| _templateObject48 object| _templateObject49 object| _templateObject50 object| _templateObject51 object| _templateObject52 object| _templateObject53 object| _templateObject54 object| _templateObject55 object| _templateObject56 object| _templateObject57 object| _templateObject58 object| _templateObject59 object| _templateObject60 object| _templateObject61 object| _templateObject62 object| _templateObject63 object| _templateObject64 object| _templateObject65 object| _templateObject66 object| _templateObject67 object| _templateObject68 object| _templateObject69 object| _templateObject70 object| _templateObject71 object| _templateObject72 object| _templateObject73 object| _templateObject74 object| _templateObject75 object| _templateObject76 object| 
_templateObject77 object| _templateObject78 object| _templateObject79 object| _templateObject80 object| _templateObject81 object| _templateObject82 function| _taggedTemplateLiteral function| gup object| api object| csrf object| album object| albums object| build object| contextMenu object| header object| leftMenu object| loadingBar object| lychee object| map_provider_layer_attribution object| mapview function| isSelectKeyPressed object| multiselect object| password object| _photo object| search object| settings object| sharing object| _sidebar function| DecimalToDegreeMinutesSeconds object| swipe object| upload object| users object| view object| visible function| $ function| jQuery object| lazySizesConfig object| lazySizes function| Mousetrap object| basicModal object| scrollLock function| require object| L function| Spinner object| Leaflet object| LivePhotosKit object| basicContext

2 Cookies

Domain/Path Name / Value
pics2.23d.de/ Name: XSRF-TOKEN
Value: eyJpdiI6ImFQRVZzY0NMUmFlWkhlMm80ZElTREE9PSIsInZhbHVlIjoiaG9OSHRhNVUwY3N0RS84OUJYeXQyYTF2MGNoZWYyRzZPN3hBUkN6dlVibTkrQkQrV2VLYXg4QnZvMEd4a09IbyIsIm1hYyI6ImNiNTc3ZTY4M2E3ZWM3ODUxYmJlY2YyYTMxN2YxMjY1NmFjYjY3OGI2Mjg3YTllZTE2MDM4Njg3NWU3ODQyOTgifQ%3D%3D
pics2.23d.de/ Name: lychee_session
Value: eyJpdiI6IlJBQ2RSSURIL0ErTkFYc0pOWEdNNEE9PSIsInZhbHVlIjoibzQ4Z1VzK1YxNHN0SGZVV1FqRVRFeXppdEtDQmEyZGdlU3Y1TG5YdG85OVFLem5zbmdIZFVHRlR3Rm16OXpQTSIsIm1hYyI6ImY4ZGQ1ZjQ1YWQ2MDQ0ODk5ZGIxYzBiNDcwMTFlZjZlZWY3MDAwYmYwN2MzNDYyOGRjNDdiZDhhYWQ2ZmYzYTkifQ%3D%3D

2 Console Messages

Source Level URL Text
security warning Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning Message: Error with Feature-Policy header: Unrecognized feature: 'vr'.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' blob:; base-uri 'none'; connect-src 'self' http://lycheeorg.github.io/update.json blob:; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://maps.wikimedia.org/osm-intl/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://a.tile.openstreetmap.de/ https://b.tile.openstreetmap.de/ https://c.tile.openstreetmap.de/ https://a.tile.openstreetmap.fr/osmfr/ https://b.tile.openstreetmap.fr/osmfr/ https://c.tile.openstreetmap.fr/osmfr/ https://a.osm.rrze.fau.de/osmhd/ https://b.osm.rrze.fau.de/osmhd/ https://c.osm.rrze.fau.de/osmhd/ https://lycheeorg.github.io/ data: blob:; manifest-src 'none'; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' https://www.dropbox.com/static/api/1/dropins.js 'sha256-8bLztrDF3NUpheSuvAzpebgX1DpPJEfhmUHKTwGF4qA='; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; worker-src 'none'
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block