Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet

Cloudflare reports that the polyfill.io CDN was abused after a change in ownership to inject malicious JavaScript (notably loading domains like googie-anaiytics[.]com and kuurza[.]com) which, under certain conditions, redirected users to external betting sites. Cloudflare corroborated the activity with Page Shield telemetry, published IoCs and timestamps, and deployed an automatic HTML rewriting mitigation for proxied sites—replacing polyfill.io references with a safe cdnjs mirror—and recommends all site owners replace polyfill.io links immediately.