Invicti identified the usage of Pollyfill in the target web server’s HTTP response.
Polyfill.io, a widely used JavaScript library, was compromised following its acquisition by Funnull, a China-based CDN company. Malicious code was injected into the library, redirecting users to harmful websites.

Affected Users:Over 110,000 websitesNature of Malicious Activity:

• Redirecting users to sports betting and pornographic sites.
• Specific activation on certain mobile devices at particular times.
• Delayed execution to evade web analytics detection.
• Avoidance of activation when an admin user is detected.

Immediate Action: Remove Polyfill.io from affected websites and replace it with secure alternatives provided by Cloudflare and Fastly.