A Shopify store owner reports automatic redirects to third-party betting websites occurring exclusively on mobile devices, either after a few seconds or immediately upon page load. Despite checking DNS entries, backend code, theme files, and consulting both Shopify and the domain provider, no malicious code was found in obvious locations.
Potential cause identified:
One user suggests the issue may stem from the Shiprocket app injecting malicious links.
Proposed solution:
Identify the initial redirect URL (example given: wp54trk dot com)
Locate and remove that URL string from the content_for_header section in the theme.liquid file
Current status:
Another user attempted this fix but couldn’t find the specific redirect string in their theme.liquid file, indicating the solution may not work universally or the malicious code location varies between cases. The issue remains unresolved for some participants.
Summarized with AI on October 29.
AI used: claude-sonnet-4-5-20250929.
My shopify store https://car101.in/ automatically gets redirected to third party betting websites and this happens on mobile devices only. This problem occurs when we open website and wait for few seconds (in some cases it redirects immediately). Had thorough checks with Domain dns entries and backend codes including Theme file, Index file, header and footer liquid file no malicious links or redirections found. (Try browsing in incognito node in chrome if issue is not seen). Consulted shopify and domain service provider but no luck. Looking for solution.
Found a solution.
You need to find out the first url to which the website gets redirected to (in my case it was wp54trk dot com)
Then you need to delete the particular website string from “content_for_header” in theme.liquid file
I am experiencing the same problem. However, I don’t see the wp54trk dot com string under the “content_for_header” section in theme.liquid file. Any help please?
Check all your installed apps, including ones you might have deactivated but not fully uninstalled. Sometimes sketchy apps inject code that stays active even after you think you’ve removed them. Go through every single app and uninstall anything you’re not actively using or anything that looks suspicious. After uninstalling, check if the redirect stops.
Look at your theme’s asset files, especially JavaScript files. Malicious redirects are often buried in minified JS files where they’re hard to spot visually. You might see something that looks like gibberish or base64 encoded strings. If you find anything suspicious in your JS files, that’s likely your culprit.
Another thing - check Google Search Console to see if Google has flagged your site for malware or suspicious activity. If they have, that confirms the issue and might give you more details about what they’re detecting.
Since this only happens on mobile and is intermittent, it could also be related to a specific ad network or tracking script that loads differently on mobile devices. If you’re using any third-party tracking pixels, analytics tools, or advertising scripts, try temporarily removing them one by one to see if the redirect stops.
In the meantime, I’d strongly recommend changing all your passwords - Shopify admin, email, any connected accounts - just in case someone got unauthorized access to your store. Also enable two-factor authentication if you haven’t already.