/analytics/community?hl=en
This content is likely not relevant anymore. Try searching or browse recent questions.
-
7/23/19
Unusual traffic from service provider "Microsoft Corporation" 0 Recommended Answers 19 Replies 31 Upvotes
1 Recommended Answer
$0 Recommended Answers
Last edited 12/2/19
In the last 8 months or so, I've been noticing an increase in suspect traffic in GA. I first noticed it when we started seeing higher than usual Wyoming traffic. Now, Wyoming has gone from bottom 5 for traffic to regularly appearing in the top 5 and the issue has become substantially worse in the last month or so.

When I started investigating the issue further, I noticed that there are six cities that are contributing to the unusual traffic:
- Cheyenne, WY
- Quincy, WA
- Des Moines, IA
- San Antonio, TX
- Washington, DC
- Chicago, IL

A large amount of traffic from these cities as well as traffic that has (not set) for location, lists a service provider of "Microsoft Corporation" in GA. Bounce rates for this traffic don't seem particularly unusual (70-75% for the most part), but average session duration is incredibly low considering that pages/session averages 1.5. It's also not in line with all other traffic. It seems to be some sort of bot, but I have set GA to not include known bots and spiders. I was wondering if anyone knows what this traffic is before I exclude all traffic with this service provider. I have included a screenshot of a custom report that shows the traffic for the last week.
All Replies (19)
8/8/19
I've seen a very similar thing, since April we've seen a huge increase in traffic from this source. All from the US.
marked this as an answer
Helpful?
9/4/19
Also seeing the same thing. Can anyone isolate the cause? Who it is?
marked this as an answer
Helpful?
9/25/19
I have an issue like this.  All are users from Chicago, with carrier of Microsoft Corporation, and all using browser IE 9, Source/Medium= (direct) / (none).   All have bounce rate of 100%, pages per session of 1, and session time of 0. All were new visitors.   They now account for 75% of my direct users in Analytics.  None of this activity seems to be reflected in my Jetpack stats.
I'm not sure this is a bot.  This "user" visited 50 of my pages in a week.  Visits per day ranged from 0 to 50, with the kind of not-so-random pattern that people have.  I wonder if there are one or more human users in this category, with a lot of details of their activity not tracked and reported either by Analytics or Jetpack.
marked this as an answer
Helpful?
10/3/19
I am finding the same issue with one of my clients.

For the past 3 months, I have noticed the spikes at beginning of the month, 2nd or 3rd of each month. It affects the direct traffic. 


IT acts like a bot - average time-on-page gets close to 00:00:00 and bounce rate 100%.

I have the exclusion of known bots enabled and managed to track some of the IPs with the log file analysis.

104.47.20.250
104.47.20.251
104.47.20.252
104.47.20.253

They all point to Microsoft

Could it be that Google still hasn't identified this IP/Sessions as a bot so it doesn't exclude?
marked this as an answer
Helpful?
11/18/19
Hello,

Same problem since the 8th june 2018.

Did anyone find a solution to block this traffic to the server (not only in analytics)?
marked this as an answer
Helpful?
12/2/19
I think at least some of the traffic from Service Provider "Microsoft Corporation" is related to services hosted by Microsoft (O365). I sent out some email messages today to a single company, with a unique web link. Those hits showed as Microsoft Corporation in San Antonio and Quincy (sound familiar?), so I know for sure those hits did *not* come from Microsoft. I also found a list of Microsoft's US data centers which seem to correspond nicely (not perfectly) to what we're seeing in our GA traffic:
  • Quincy, WA
  • Chicago, IL
  • San Antonio, TX
  • Des Moines, IA
  • Blue Ridge, VA
  • Cheyenne, WY
marked this as an answer
Helpful?
12/2/19
I have seen some similar things to me. I think this is a scam because when I talk to Microsoft corporation they denied so I just disown link form my website https://tattoodesigns123.org/ what do I do now?
marked this as an answer
Helpful?
12/3/19
Hey all, Just wanted to pop in and say that we're seeing this issue with our client as well. It's getting falsely attributed as bing / cpc somehow, because none of these visitors visited through bing. It's very odd. We're thinking bot traffic from Bing's data center's just as many of you all have surmised

Just wanted to confirm all of the suspicions and issues here. Our team reached much of the same conclusions. Our major sources of this kind of traffic were Quincy, Washington (MSFT data center) and Chicago, Illiniois (MSFT Data center) despite the fact that we're not targeting Quincy, Washington with Bing / CPC which was our first red flag.
Last edited 12/3/19
marked this as an answer
Helpful?
12/4/19
We're also seeing this starting on 12/04/19. Large spike in traffic from 'CPC/Bing' from Quincy, WA and Chicago, IL.
marked this as an answer
Helpful?
2 days
We are seeing the same thing since 9/2019. It is hitting one particular page only. For now, to do reports for that page I made a Segment to exclude source that is bbfugb-egh-fafjfyfggfe-5349.
marked this as an answer
Helpful?
This question is locked and replying has been disabled.
Discard post? You will lose what you have written so far.
Write a reply
10 characters required
Failed to attach file, click here to try again.
Discard post?
You will lose what you have written so far.
Personal information found

We found the following personal information in your message:

This information will be visible to anyone who visits or subscribes to notifications for this post. Are you sure you want to continue?

A problem occurred. Please try again.
Create Reply
Edit Reply
Delete post?
This will remove the reply from the Answers section.
Notifications are off
Your notifications are currently off and you won't receive subscription updates. To turn them on, go to Notifications preferences on your Profile page.
Report abuse
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
Report post
Questions about a different Google product are no longer considered off-topic and should be moved to the relevant community.
Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Go to the Legal Help page to request content changes for legal reasons.

Reported post for abuse
Unable to send report.
This reply is no longer available.
/analytics/threads
//accounts.google.com/ServiceLogin
You'll receive email notifications for new posts at
Unable to delete question.
Unable to update vote.
Unable to update subscription.
You have been unsubscribed
Deleted
Unable to delete reply.
Removed from Answers
Marked as Recommended Answer
Removed recommendation
Undo
Unable to update reply.
Unable to update vote.
Thank you. Your response was recorded.
Unable to undo vote.
Thank you. This reply will now display in the answers section.
Link copied
Locked
Unlocked
Unable to lock
Unable to unlock
Pinned
Unpinned
Unable to pin
Unable to unpin
Marked
Unmarked
Unable to mark
Reported as off topic
/analytics/profile/0?hl=en