Two years of technical debt made manifest. Toshiba, Muji, and Samsung all got bitten by polyfill io code. The domain expired, someone else bought it, and suddenly legitimate web...
https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/