How can I identify the source of an external javascript code?

Technical Q&A

Topic summary

External JavaScript on a Shopify store was traced to an app-injected script loading from an Alibaba Cloud OSS URL. The script appeared in the page source and was not part of the theme files.

Key finding:

  • App-injected scripts are added to the page via Shopify’s Liquid drop {{ content_for_header }} in theme.liquid.
  • Inspecting the page source of the store (wanderlostandfound.com) showed a block of app-loaded scripts. Guidance: check installed apps—especially any tied to aliyuncs/ysd.com—for the injection source.

Outcome:

  • The original poster later confirmed this diagnosis and resolved it on their end (details of the specific app or removal steps were not shared).

New, open question:

Summarized with AI on December 14. AI used: gpt-5.
1

Hello out there :victory_hand:︎ I’m completely lost, and if someone can help me, I’ll build a temple in their honour.

I can’t find the source of this code: https://frontend-static-test.oss-cn-shanghai.aliyuncs.com/shopify/insert.js?shop=wanderlost-found.myshopify.com

I know it’s connected to Alibabacloud servers — I googled elements of the URL above & info from my GTMetrix report for my store’s homepage. So I know this code is not in my store’s theme. It’s coming from an external source. No one can find where. Not me, my theme dev or Shopify. Can you?

Spoke to Shopify. They told me to speak with my theme dev. I spoke with theme dev, they told me to spak with Shopify. Same old story.

I’ve looked high and low. Trawled my store’s code. My theme dev did the same. We couldn’t find the source of this code connected to the Alibabacloud servers. Must be conected to an app or 3rd party. But no sign of that connection in the approx 15 places I checked and there’s nowhere else (I can think of) that could have that connection.

Any tips on how to identify the origin of code like this? https://frontend-static-test.oss-cn-shanghai.aliyuncs.com/shopify/insert.js?shop=wanderlost-found.myshopify.com I just want to disconnect this code and walk away from the .js mess it’s creating across my store.

Hope someone can help…

Thanks!

Toby

2

Hi Toby,

Assuming your store is https://wanderlostandfound.com/, this appears to be an app injected script. If you look at the page source you’ll see this block of code:

iDoThemes_0-1639097849152.png
iDoThemes_0-1639097849152.png1326×672 218 KB

These are all app injected scripts. Apps can inject scripts into the page so if you have any apps related to aliyuncs / ysd.com then it’s likely that one. These are injected into your theme via the {{ content_for_header }} liquid drop in theme.liquid.

1 Like
3

Ahoy!

Thank you. And please excuse the delayed reply. You were right. And I figured that out on my own over a much longer and more arduous journey than I ever needed to. Didn’t get a notification re your helpful insights. Which explains my lack of reply. The long, winding journey has a long winding reason, which is — surprise! — long… and also winding.

I’ll shut up now.

Thanks again!

T

1 Like
4

How were you able to find this? I’ve been running a Screaming Frog crawl with different renderings and can’t find where these malicious links are appearing on the site.

Site is: mygiddi.com

Malicious links are:

bestcdk.com

varun-ysz.com

dagny-taggart.com

isdover-1.online

ariad-tzc.com

aemil-zzj.com