Open WordPress admin with uBlock origin, you’ll see the Google/Cloudflare calls.  Almost all of them have google fonts on the frontend too that has to be manually removed.  As far as “dynamic” goes, there’s other ways to have a store.  The overwhelming majority of these blogs and sites do not need wordpress malware, especially when they have external checkout stores