Where are website script sources coming from?

I have an unwanted Google Tag Manager popping up on my company’s website. We have lost access to the old tag manager (hence the new one).

Using Chrome Dev tools I am able to see the unwanted tag id as a source (http://www.googletagmanager.com/gtm.js?id=GTM-XXXXXX) along with the new correct tag. However, I am not able to work out where that script is coming from!

Is there anyway to work out what is injecting that script into our site?

Directly you won’t be able to see which tag have been implement from old GTM. But on the basis of your analysis you might be able to figure out.

just take a look in your new GTM account and compare those tags whatever is there on your website by using TAG ASSISTENT (By GOOGLE). and also check goals, ecommerce and other configuration google analytics account , conversion tracking and remarketing in your adwords account.

if you haven’t implement some of these tracking code using new GTM, there is chances that you had implemented through old GTM. In this case try to re-implement those tag using new GTM and then remove old GTM from backend.

NOTE: remove OLD GTM in case of suspicious activity otherwise not required just to avoid data lose