How can I trace the connection chain of scripts on a website?

L

Leonid Nimchenko2017-02-02 00:18:11

JavaScript

Leonid Nimchenko, 2017-02-02 00:18:11

Hello.
I am making a site on my engine and noticed that third-party js scripts appeared on it, even on local hosting. I use many libraries, such as: jQuery, jquery-ui, uikit, api-maps.yandex, google.maps. For the test, I disabled all scripts and libraries - third-party scripts still remained. I don't understand where they connect. Checked on browsers: Yandex, Fox, Opera - yes. On the Opera, a separate window for advertising the WOT game popped up. In browser debuggers I see domains: api.sitestate.ru, ajax.cloudflare.ru, awaybird.ru, dbbridge.ru, loadroute.ru. But I don't understand where the links to them are on the site. There are scripts without domains.
Please tell me how to track and remove other people's scripts from the site.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

X

xmoonlight, 2017-02-02
@lculver

The site is on its own engine, and advertising is third-party?!
There are few options:
1. third-party JS-libs => one by one - disable!
2. template with "parasitic" JS code => do not use the template and look
3. infected system / browser / traffic replacement => antivirus, run from another PC (OS, or boot from a USB flash drive on the same PC),
4. If nothing helped: we try to check the proxy, router, another Internet channel.

I

Immortal_pony, 2017-02-02
@Immortal_pony

Browser extensions.
Internet provider.

A

Alexey Yusupov, 2018-03-17
@Mnojitell

They are not on the site. These are inline scripts. They are located on infected devices of site users. Set up a CSP tool and all this shushara will be blocked by browsers.