polykill.io
151.101.67.52  Public Scan

Submitted URL: http://polykill.io/
Effective URL: https://polykill.io/
Submission: On July 02 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

POST

<form class="ConversionForm_ConversionForm__SEAVc" action="" enctype="multipart/form-data" method="POST"><input type="hidden" name="$ACTION_REF_1"><input type="hidden" name="$ACTION_1:0"
    value="{&quot;id&quot;:&quot;3c367a89f3c5f7c5017bd309d4c8a815033a2200&quot;,&quot;bound&quot;:&quot;$@1&quot;}"><input type="hidden" name="$ACTION_1:1"
    value="[{&quot;suceess&quot;:false,&quot;formErrors&quot;:[],&quot;fieldErrors&quot;:{}}]"><input type="hidden" name="$ACTION_KEY" value="k2587771169">
  <div><input required="" placeholder="Email Address" type="email" class="form-control" name="email">
    <div class="invalid-feedback"></div>
  </div>
  <div><input required="" placeholder="Website URL" type="text" class="form-control" name="site">
    <div class="invalid-feedback"></div>
  </div><button type="submit" class="btn btn-primary">Send Report</button>
</form>

Text Content

POLYKILL





Or you can download a CSV file of all sites as of Feb 27, 2024.

Download CSV

This website was created to bring awareness to a major JavaScript supply chain
vulnerability involving a well-known and broadly used JavaScript file hosted on
the polyfill.io domain name.

As of February 24, 2024, cdn.polyfill.io, the domain hosting the polyfill.io
JavaScript library, has been acquired by a Chinese company named Funnull.
Polyfill.io is a widely used JavaScript library integrated into many of the
world's most well known web applications. All polyfill.io traffic is now
pointing to the Baishan Cloud CDN (https://www.baishancloud.com/).

There are many risks associated with allowing an unknown foreign entity to
manage and serve JavaScript within your web application. They can quietly
observe user traffic and, if they act with malicious intent, they can
potentially steal usernames, passwords and credit card information directly as
users enter the information in the web browser.

To remove the domain "cdn.polyfill.io" from your web properties, follow these
steps:


STEP 1: IDENTIFY USAGE

Developers should use a code search tool or IDE to search for instances of
cdn.polyfill.io in source code across all projects within the organization.


STEP 2: REPLACE WITH A SECURE VERSION

Fastly has taken a snapshot of the code before it was sold to Funnull and is
hosting it here (https://polyfill-fastly.io). Use this remote host until you are
able to download the file and host it yourself. Developers should download the
polyfill.js file locally, scan it for vulnerabilities and host it on internal
systems. Replace all instances of <script src="//cdn.polyfill.io"... with the
new secure <script src="//polyfill-fastly.io"... or a locally hosted polyfill
JavaScript file.

To follow updates, please refer to this GitHub issue
(https://github.com/polyfillpolyfill/polyfill-service/issues/2834).


POLYFILL.JS HISTORY

The polyfill.js JavaScript library was created within FT.com's development
team, was heavily evangelized and written about around the 2010 time period, and
was subsequently picked up for use by a large part of the web development
community at that time.