English

rl_session

rl_group_trait

rl_group_id

rl_user_id

rl_trait

rl_anonymous_id

rl_page_init_referrer

rl_page_init_referring_domain

ph_phc_mJQGJOLSR0lsP0XM5MaQfxEub7icp1KvLi37QBedmOp_posthog

Domain 'dashboard.myf2b.com' uses the commercial generic top-level domain (.com) and includes subdomain 'dashboard'. Count 5 characters in 'myf2b' split between 0 vowels and 4 consonants, along with one digit. Splitting it apart reveals 4 words: my, f, 2, b. Expect one character per word on average. No strong language cues emerged from the frequency lists.

html/99/be/99becf54-4ee1-4c30-a862-9c999b875eaf.html.gz

default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

646116a270e3f8050471e755263dcd3dbea189aa7f7bdc90a7accb5a08d91530

744dc24787b36cae8155a63ba51e656d4425e43f0b80f223662e644245929093

7c4bab0bde7385531f497f41a016bb3bfd2f60e555750afb16eee6414d67821d

baed55663bbc94403e3326a7a3fc4a38ee59cfaa552dac7a68070f05370fa227

da7f53fd8094595c9774a286bb93d33ca3b144995301c77152bb11918096f6c1

55b243da6ac5a24f105273fe8b32e53b41e6623cd41695216f5faed2d7308cab

75a32a5bac87c1c8c3a2c1c705ed6fdd34ef5d89b5f5590b286a038f59ad94a5

58c05678ff78cc069460d071460834ae08925e36d89c0d03bebd59511f78bf72

0126e7a085a238722dd3367a2a1f0cb9b31e9ca92e1232d3228181557d25a0fe

f914887d4d8de5e68a2eea7de5a767a8bb51c03abc026f784138a2a7b0b915d1

b3c24a9b70b6b2982625b4b223eeafc8d01a958715d9af21e38400edfec3e289

13c0f75f991ff27fdd4b38e356d24c2d7c3ed5d985772f0262ca33d5978e4770

2825cf886c17e34f45a6d8efc34e4b7f7f4d272288d169d3a3cef70263dc8f24

1ba5d616cae50bc5d5469bac4250c483734b0a449ca4d4c70d3e1c5c992d9b7d

48a1d1940ad5656072400fe35530a649395b2ac01eeaeaa74c55ade2d4e696c8

387eaa2aaf5ce6719bd5c3e3983d8474a00e86bf2437ed38c880674afe3931e5

6ddff7c5588ee14102567a87bc4be3f183c0a8edab6e45a21433c3b45b3df453

35b221f9482a71b3d4d68dafdf88f6cc136fb27f8dfa60908e4eb5949246e0b2

Denial of Service condition in Next.js image optimization

Next.js authorization bypass vulnerability

Next.js Allows a Denial of Service (DoS) with Server Actions

Next.js Race Condition to Cache Poisoning

Authorization Bypass in Next.js Middleware

Information exposure in Next.js dev server due to lack of origin verification

A vulnerability in Next.js Image Optimization has been fixed in v15.4.5 and v14.2.31. When images returned from API routes vary based on request headers (such as `Cookie` or `Authorization`), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug.

All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.

More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57752)

A vulnerability in **Next.js Image Optimization** has been fixed in **v15.4.5** and **v14.2.31**. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery.

All users relying on `images.domains` or `images.remotePatterns` are encouraged to upgrade and verify that external image sources are strictly validated.

More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-55173)

A vulnerability in **Next.js Middleware** has been fixed in **v14.2.32** and **v15.4.7**. The issue occurred when request headers were directly passed into `NextResponse.next()`. In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the `next()` function.

More details at [Vercel Changelog](https://vercel.com/changelog/cve-2025-57822)

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).

A malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.

It was found that the fix addressing [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully prevent denial-of-service attacks in all payload types. This affects React package versions 19.0.2, 19.1.3, and 19.2.2 and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).

A malicious HTTP request can be crafted and sent to any Server Function endpoint that, when deserialized, can enter an infinite loop within the React Server Components runtime. This can cause the server process to hang and consume CPU, resulting in denial of service in unpatched environments.

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.

A DoS vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.

Strongly consider upgrading to 15.5.10 and 16.1.5 to reduce risk and prevent availability issues in Next applications.

0225eb034d024a03bdc90ea6c79f56193662e7c3eee909696298820e517cbb83

ec29f2fa10e980778c87b80001a8015fb7cb0918852615a6be13285939db293f

viewport

next-head-count

html/99/be/99becf54-4ee1-4c30-a862-9c999b875eaf_nodriver.html.gz

Footsteps2Brilliance

GoDaddy.com, LLC

MYF2B.COM

Amazon EC2 Abuse

IP Management

Amazon AWS Network Operations

Amazon.com, Inc.

AWS RPKI Management POC

IP Routing

Amazon EC2 Network Operations

AMAZO-CF

Amazon Web Services

HSTS

Amazon S3

Amazon CloudFront

Rudderstack

PostHog

Tracking domain: o420774.ingest.us.sentry.io

o420774.ingest.us.sentry.io

us.i.posthog.com

✅ Low Risk - https://dashboard.myf2b.com

Requests	IP Address	Location	AS Autonomous System
10	3.167.227.72	United States	AS16509Amazon.com, Inc.
7	34.160.81.0	Kansas City, Missouri, United States	AS396982Google LLC
7	65.8.131.48	United States	AS16509Amazon.com, Inc.
7	3.174.46.96	United States	AS13335
31	4	-	-

Security Scan Report: dashboard.myf2b.com

Summary

AI Security Verdict

Safe Website

Safety Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies6

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History