Hi,
I’ve just noticed a random script in the theme.liquid head (Kalles Theme):
The JS seems to include a lot of deliberately jumbled class names. Is this legitimate? And if so, why isn’t it more clear that it’s not some injected JS hack?
Thanks 
Topic summary
A user discovered an unfamiliar script (//s.ksrndkehqnwntyxlhgto.com/128657.js) in their Kalles Theme’s header file (theme.liquid). The JavaScript contains deliberately obfuscated class names and includes smiling face emojis, raising concerns about whether this is legitimate code or an injected hack.
Responses suggest:
- The script likely belongs to an installed theme or app that renders on every page load
- Reverting to the original theme version to check if the script persists
- If the script remains after reverting, systematically disabling apps one by one until it disappears
The issue remains unresolved, with the user seeking confirmation on whether this is malicious code or legitimate third-party functionality.
I guess those scripts belong to an app or theme that will render every page reload.
1 Like
This is Richard from PageFly - Shopify Page Builder App
You can revert your theme back to the original to check if it’s still executed or not.
If the theme is original but still have it, you can try to disable all the app till you found its disappear
Hope this can help you solve the issue
Best regards,
Richard | PageFly