diff --git a/public/.htaccess b/public/.htaccess
index 91acb50..4c52b34 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,5 +1,17 @@
 RewriteEngine On
+# 1) Nur Root von *.ismyusbfake.com nach /fakecheck/ umleiten
+RewriteCond %{HTTP_HOST} (^|\.)ismyusbfake\.com$ [NC]
+RewriteRule ^$ /fakecheck/ [L,R=301]
+
+# 1b) *.ismyusbfake.com mit Subpfad:
+# /123456 → /fakecheck/?referrer=123456
+RewriteCond %{HTTP_HOST} (^|\.)ismyusbfake\.com$ [NC]
+# nicht erneut anfassen, wenn wir schon in /fakecheck/ sind
+RewriteCond %{REQUEST_URI} !^/fakecheck(/|$) [NC]
+# genau ein Segment: /slug oder /slug/
+RewriteCond %{REQUEST_URI} ^/([^/]+)/?$ [NC]
+RewriteRule ^ /fakecheck/?referrer=%1 [L,R=302]
 # 2) /uploads/avatar schützen
 RewriteRule ^uploads/avatar/ - [F]
@@ -45,7 +57,7 @@ RewriteRule ^(.+?)/?$ $1/index.php [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-# systempfade nicht abfangen
+# Systempfade nicht abfangen
 RewriteCond %{REQUEST_URI} !^/(assets|uploads|auth|landingpage|_errors)/ [NC]
 # interne Weiterleitung auf deine Fehlerseite
diff --git a/public/assets/js/domain.js b/public/assets/js/domain.js
new file mode 100644
index 0000000..e69de29
diff --git a/public/landingpage/fakecheck/.htaccess b/public/landingpage/fakecheck/.htaccess
new file mode 100644
index 0000000..e69de29
diff --git a/src/auth/login.php b/src/auth/login.php
index f168654..a1d7f35 100644
--- a/src/auth/login.php
+++ b/src/auth/login.php
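Review bot: The `%1` backreference in `RewriteRule ^ /fakecheck/?referrer=%1 [L,R=302]` is the raw path segment captured by `^/([^/]+)/?$`, and mod_rewrite does not re-escape backreferences by default, so anything but a slash — including characters decoded from %-escapes such as `&` or quotes — lands unescaped in the Location query string and reaches whatever reads `referrer` in /fakecheck/. Since the comment documents numeric slugs like `/123456`, tightening the capture to the intended charset, `RewriteCond %{REQUEST_URI} ^/([A-Za-z0-9_-]+)/?$ [NC]`, and adding the `B` flag, `[B,L,R=302]`, so the backreference is escaped bounds the value before the PHP side sees it. The `(^|\.)ismyusbfake\.com$` host condition also fails when HTTP_HOST carries a port (`host:8080`), in which case both new rules silently do nothing; `(^|\.)ismyusbfake\.com(:\d+)?$` covers that. Note that the single-segment rule will also catch existing top-level paths such as `/login` on that host and send them to /fakecheck/, which is presumably intended for a landing-only domain but worth confirming.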
@@ -132,20 +132,44 @@ $_SESSION['user'] = [
 ];
 /* ---------------------------------------------------------
- FLASH & REDIRECT
+ FLASH & SMART REDIRECT
 --------------------------------------------------------- */
 flash_set('success', 'Willkommen zurück, ' . ($user['first_name'] ?: 'User') . '!', 'login');
-// Redirect absichern: nur interne Pfade
-$target = is_string($redirect) ? trim($redirect) : '/';
-if ($target === '' || !str_starts_with($target, '/')) {
- $target = '/';
+// redirect normalisieren
+$redirect = trim((string)($redirect ?? ''));
+
+// Flag: sollen wir stattdessen aufs Dashboard?
+$goDashboard = false;
+
+// 1) redirect leer → Dashboard
+if ($redirect === '') {
+ $goDashboard = true;
 }
-// Sprache anhängen
-$sep = (strpos($target, '?') === false) ? '?' : '&';
-$target = $target . $sep . 'lang=' . urlencode($lang);
+// 2) redirect zeigt auf /login → Dashboard (Endlosschleife vermeiden)
+if (!$goDashboard && preg_match('#^/login(/|\?|$)#i', $redirect)) {
+ $goDashboard = true;
+}
+
+// 3) redirect ist keine interne URL → Dashboard (Sicherheit!)
+if (!$goDashboard && strpos($redirect, '/') !== 0) {
+ $goDashboard = true;
+}
+
+// 4) Finales Ziel bestimmen
+if ($goDashboard) {
+ // Immer Dashboard-Seite
+ $target = '/dashboard/?lang=' . urlencode($lang);
+} else {
+ // Internes Ziel, Sprache anhängen falls noch nicht vorhanden
+ if (strpos($redirect, 'lang=') === false) {
+ $sep = (strpos($redirect, '?') === false) ? '?' : '&';
+ $redirect = $redirect . $sep . 'lang=' . urlencode($lang);
+ }
+ $target = $redirect;
+}
 header('Location: ' . $target);
 exit;
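Review bot: Check 3, `strpos($redirect, '/') !== 0`, still accepts protocol-relative targets, so a value like `//evil.example/` or `/\evil.example` counts as "internal", gets `&lang=` appended and is emitted via `header('Location: ' . $target)`, which browsers resolve to an external host — exactly the open redirect the `(Sicherheit!)` comment says this step rules out. Replacing the condition with `if (!$goDashboard && !preg_match('#^/(?![/\\\\])#', $redirect)) {` rejects a leading `//` or `/\` while keeping ordinary paths. The `strpos($redirect, 'lang=') === false` test in step 4 is a substring check, so a path such as `/slang=de/` or a parameter like `?plang=x` suppresses the language suffix; inspecting the query with `parse_str` before deciding would be exact. The old code applied the same `/` prefix check, so this is not a regression, but the rewrite now presents it as the security boundary; `$redirect` and `$lang` are assigned before the hunk.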