How To Spot "Traffic Stealing" Scripts? (7)

Hey

I've tried to search on the forum but weren't able to find any solid info.

What's the best way to spot bad scripts on ripped LPs?

I believe you have all the answers included in the following thread:
https://stmforum.com/forum/showthrea...Ripped-Landers
Also, keep a closer look at obfuscated javascript snippets since there is where such stuff happens more often.
https://stmforum.com/forum/showthrea...l=1#post334105

As platinum said, mostly in the java script. No one here will tell you what THEIR own script looks like

Best is to learn some basic coding / reading the code and learn how to clean your landing page from those scripts.

Replace the JS libraries with the CDN versions etc.

No need to worry about dirty scripts then.

And a simple trick to detect the presence of such script... these scripts steal clicks, right? So try to click on the CTAs multiple times, reload the LPs, click again, then do it one more time, or 20 more times. In case you're always redirected to the offers that matches with your campaign setup, it's most likely clean.

If you open up a code editor, you first order of business in editing a LP is to search for all links on the page by typing "http", "www" etc and replacing them with your own.

Then search for ".js" files, "script" for in-line javascript.

As a general rule, I always replace common libraries like jquery with cdn hosted versions on https://cdnjs.com/ or https://developers.google.com/speed/libraries/ since sometimes people like to hide redirects in there.

Spotting "hidden" redirects in javascript however is trivially easy once you know what to look for. It's either going to be a url broken up in to pieces and then re-combined to as to make it harder to search for, and/or making use of obfuscated stings that stand out like a sore thumb, eg

var _0x5742=['Hello\x20World!','log'];(function(_0x379330,_0x364195){var _0x569c1a=function(_0x57f62c){while(--_0x57f62c){_0x379330['push'](_0x379330['shift']());}};_0x569c1a(++_0x364195);}(_0x5742,0x1c5));var _0x40a0=function(_0x358161,_0x4ad3f6){_0x358161=_0x358161-0x0;var _0x9ca2f2=_0x5742[_0x358161];return _0x9ca2f2;};function hi(){console[_0x40a0('0x0')](_0x40a0('0x1'));}hi();

One extremely simple method is to use Chrome's Developer Tools.

1. Press F12 in Chrome to launch Developer Tools (Command+Option+I in Mac)
2. Click on the "Network" tab and select "preserve log"
3. Visit your landing page
4. Check the "Domain" column for calls to any unknown domains



There are of course ways around this, but this is a quick preliminary test. You could perhaps refresh the page a few times in case only a portion of the traffic is being redirected.

For any unidentified domains, you can click on the link in the "Initiator" column to see the exact line in the page or script that triggered it.

Hope that helps!