What's your biggest current challenge? Have your say in Community Polls along the right column.

How can I identify the source of an external javascript code?

Solved

How can I identify the source of an external javascript code?

T1K
Tourist
3 0 1

Hello out there ✌︎ I'm completely lost, and if someone can help me, I'll build a temple in their honour.

 

I can't find the source of this code: https://frontend-static-test.oss-cn-shanghai.aliyuncs.com/shopify/insert.js?shop=wanderlost-found.my...

 

I know it's connected to Alibabacloud servers — I googled elements of the URL above & info from my GTMetrix report for my store's homepage. So I know this code is not in my store's theme. It's coming from an external source. No one can find where. Not me, my theme dev or Shopify. Can you?

 

Spoke to Shopify. They told me to speak with my theme dev. I spoke with theme dev, they told me to spak with Shopify. Same old story.

 

I've looked high and low. Trawled my store's code. My theme dev did the same. We couldn't find the source of this code connected to the Alibabacloud servers. Must be conected to an app or 3rd party. But no sign of that connection in the approx 15 places I checked and there's nowhere else (I can think of) that could have that connection.

 

Any tips on how to identify the origin of code like this? https://frontend-static-test.oss-cn-shanghai.aliyuncs.com/shopify/insert.js?shop=wanderlost-found.my... I just want to disconnect this code and walk away from the .js mess it's creating across my store.

 

Hope someone can help...

 

Thanks!

Toby

Accepted Solution (1)

iDoThemes
Trailblazer
207 43 93

This is an accepted solution.

Hi Toby,

 

Assuming your store is https://wanderlostandfound.com/,  this appears to be an app injected script.  If you look at the page source you'll see this block of code:

iDoThemes_0-1639097849152.png

 

These are all app injected scripts.  Apps can inject scripts into the page <head> so if you have any apps related to aliyuncs / ysd.com then it's likely that one. These are injected into your theme via the {{ content_for_header }} liquid drop in theme.liquid.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line

View solution in original post

Replies 3 (3)

iDoThemes
Trailblazer
207 43 93

This is an accepted solution.

Hi Toby,

 

Assuming your store is https://wanderlostandfound.com/,  this appears to be an app injected script.  If you look at the page source you'll see this block of code:

iDoThemes_0-1639097849152.png

 

These are all app injected scripts.  Apps can inject scripts into the page <head> so if you have any apps related to aliyuncs / ysd.com then it's likely that one. These are injected into your theme via the {{ content_for_header }} liquid drop in theme.liquid.

Developer of Liquify Chrome Extension -- Enhance the Shopify Theme Code Editor
.




Theme Developer -- Drop me a line
T1K
Tourist
3 0 1

Ahoy!

 

Thank you. And please excuse the delayed reply. You were right. And I figured that out on my own over a much longer and more arduous journey than I ever needed to. Didn't get a notification re your helpful insights. Which explains my lack of reply. The long, winding journey has a long winding reason, which is — surprise! — long... and also winding.

 

I'll shut up now.

 

Thanks again!

 

T

PixelPotions
Shopify Partner
3 0 0

How were you able to find this? I've been running a Screaming Frog crawl with different renderings and can't find where these malicious links are appearing on the site. 

Site is: mygiddi.com 

Malicious links are: 

bestcdk.com

varun-ysz.com

dagny-taggart.com

isdover-1.online

ariad-tzc.com

aemil-zzj.com