Get Rid of Referral Spam In Google Analytics

Name: Referral Spam
Type: Referral Spam
Short Description: The web page has been seen in many referral spam campaigns, predominantly in the traffic of medium-sized and smaller blogs.
Symptoms: The user may witness the spam in various places on the targeted website, leading to Copyrightclaims(.)org, which then redirects to a phishing website.
Distribution Method: Bundling.

Ah, referral spam – if it isn’t the least favourite thing to meet when you are trying to improve your website by working with Google Analytics. It starts with a few messages, but it may become more frequent if left unmonitored and may even cause your favourite site to be banned from Google searches because of malicious content. Well, redirects is yet another such spam, run by a malicious bot or someone hiding out in a closet somewhere. Either way, it is very unwanted and you should deal with it for the sake of your site. But in order to get rid of it, you first need to get to know your enemy so that you can be protected in the future.

Referral Spam – What Is It

Such referral spam attacks usually aim to drive hoax web traffic to third-party sites. These are also known as ghost referrals and web crawlers. The trend has been growing rapidly, and it peaks at the end and the beginning of a year. Experts warn that this threat is a rather serious one and that, if it is not blocked in time, it has the power to make a huge mess and cause many headaches.

There are two main referral spamming methods used by the spam bots at the moment:

Type 1: Spam by Crawlers

This particular spam comes in waves that normally go unidentified and, what is more, can rapidly change the statistical data: they can quickly increase the bounce rate and cause fluctuations in other metrics. Some spammers remove a website from their “to spam” list right after they have been warned to stop or after their website links have been flagged as spam. But there are also persistent spammers who remain and even continue to complicate and develop their spam, and they are the ones who most often have to be stopped with an Analytics filter. In some persistent cases this may be a headache for the site admin.

Type 2: Ghost Referral Spam

This particular spam method is the most widely distributed and you may have met it in the eyes of . It aims at one thing and one thing only – to remain hidden, non-flagged and unfiltered for as long as possible.

Ben Davis at is an expert on spam and his report indicates that this spam is not actually present on the website it spams. There are cases where spammers exploited the free HTTP protocol information that passes through. This is a clear indication that a cyber crook can mask the whole HTTP session. There is even special software designed for this specific purpose. Such software may also send fake HTTP requests directed at different Google Analytics settings, eliminating the need for the program to even visit the targeted site. Security experts also report that the malicious threat may have the ability to fake certain search results.

Referral spam may have the ability to modify Google Analytics statistical data and as a result change traffic and duration times, thus decreasing the value of the data on the site itself. This is very annoying, mainly because if you have a site and rely on statistical data to act on forecasts from it, you may face a grave difficulty. The biggest danger from referral spam is to lower-traffic websites such as beginner blogs, newly created websites and others, because their data may be devalued in a very short time by spammers. The referral spam domains continue to increase.
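The two types can be told apart from the web server's own access log: crawler spam makes real requests that carry the spam Referer, while ghost spam never reaches the server and so can only be handled in Analytics. The Python sketch below is an added example, not part of the original article; the log lines, the ghost-spam.example domain and the function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed access-log lines in the "combined" format (not data from the article).
ACCESS_LOG = """\
203.0.113.7 - - [02/Jan/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://copyrightclaims.org/" "Mozilla/5.0"
198.51.100.4 - - [02/Jan/2017:10:00:09 +0000] "GET /blog HTTP/1.1" 200 7301 "https://www.google.com/" "Mozilla/5.0"
203.0.113.7 - - [02/Jan/2017:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "http://www.copyrightclaims.org/page" "Mozilla/5.0"
192.0.2.55 - - [02/Jan/2017:10:02:40 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""
# Constructed list of suspicious sources copied from a GA referral report.
GA_SUSPECTS = ["copyrightclaims.org", "ghost-spam.example"]

# Tail of a combined-format line: "request" status size "referer" "user agent"
TAIL = re.compile(r'"[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def referer_hosts(log_text):
    """Count requests per Referer hostname (lower-cased, leading www. removed)."""
    hosts = Counter()
    for line in log_text.splitlines():
        m = TAIL.search(line.strip())
        if not m or m.group("referer") in ("", "-"):
            continue  # unparsable line or request without a Referer
        host = (urlsplit(m.group("referer")).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host:
            hosts[host] += 1
    return hosts

def classify(suspects, log_text):
    """Label each suspect source 'crawler' (seen in the log) or 'ghost' (never seen)."""
    seen = referer_hosts(log_text)
    labels = {}
    for source in suspects:
        src = source.lower()
        in_log = any(h == src or h.endswith("." + src) for h in seen)
        labels[src] = "crawler" if in_log else "ghost"
    return labels

if __name__ == "__main__":
    for source, label in classify(GA_SUSPECTS, ACCESS_LOG).items():
        print(f"{source}: {label}")
```

The "ghost" label is only meaningful when the log covers the same period as the Analytics report.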

Similar to some other big spamming domains, like erot(dot)co for example, has been reported for several other malicious activities such as phishing. The website itself was initially blocked by antivirus software.

What is more, when visited, the website caused a redirect to a phishing website that was a look-alike. It was probably created with the purpose of collecting different, most likely financial, data from customers or making them pay for non-existent products. In case you have visited the website, it is highly advisable to scan your computer with advanced anti-malware software and change your passwords as well as other information.

Here is how the real Aliexpress web page looks at the moment of writing, compared with the redirect caused by

Referral-spam-phishing – How To Protect Yourself

If you have spotted referral spam by, this is a clear sign that you have this type of spam and you should immediately block it in your GA. Security experts, such as Carlos Escalera from advise users to follow these instructions to filter out the spam in Analytics:

Step 1: Click on the ‘Admin’ tab on your GA web page.
Step 2: Choose which ‘View’ is to be filtered and then click the ‘Filters’ button.
Step 3: Click on ‘New Filter’.
Step 4: Write a name, such as ‘Spam Referrals’.
Step 5: On Filter Type choose Custom Filter –> Exclude Filter –> Field: Campaign Source –> Filter Pattern. Then, in the Pattern field, enter the domain name – Copyrightclaims(.)org
Step 6: Select Views to Apply Filter.
Step 7: Save the filter, by clicking on the ‘Save’ button.
You are done! Congratulations!
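The Filter Pattern in Step 5 is treated as a regular expression, so a bare domain both leaves its dots unescaped and matches longer hostnames that merely contain it. The Python sketch below is an added example, not from the original article: it builds an escaped, anchored pattern for the Copyrightclaims domains named on this page and splits it when it would exceed the 255-character pattern limit. The function names are hypothetical, and Python's re module stands in for the Analytics matcher.

```python
import re

GA_PATTERN_LIMIT = 255  # maximum length of one Filter Pattern

# Domains taken from this page's .htaccess example.
SPAM_DOMAINS = [
    "copyrightclaims.com", "copyrightclaims.ru", "copyrightclaims.org",
    "copyrightclaims.info", "copyrightclaims.co",
    "copyrightclaims-for-website.com",
]

PREFIX, SUFFIX = r"(^|\.)(", r")$"  # match the whole host or any subdomain of it

def build_filter_patterns(domains, limit=GA_PATTERN_LIMIT):
    """Return regexes that together match every domain and its subdomains.

    A new pattern is started whenever adding a domain would exceed `limit`;
    each pattern then goes into its own exclude filter.
    """
    escaped = sorted({re.escape(d.strip().lower()) for d in domains if d.strip()})
    patterns, current = [], []
    for item in escaped:
        candidate = PREFIX + "|".join(current + [item]) + SUFFIX
        if current and len(candidate) > limit:
            patterns.append(PREFIX + "|".join(current) + SUFFIX)
            current = [item]
        else:
            current.append(item)
    if current:
        patterns.append(PREFIX + "|".join(current) + SUFFIX)
    return patterns

def is_excluded(source, patterns):
    """True if a Campaign Source value would be dropped by any of the patterns."""
    return any(re.search(p, source.lower()) for p in patterns)

if __name__ == "__main__":
    patterns = build_filter_patterns(SPAM_DOMAINS)
    for p in patterns:
        print(len(p), p)
    # Constructed source values: two spam hosts and two legitimate look-alikes.
    for src in ["copyrightclaims.org", "www.copyrightclaims.ru",
                "notcopyrightclaims.org", "copyrightclaims.org.blog.example"]:
        print(src, "->", "excluded" if is_excluded(src, patterns) else "kept")
```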

In case you keep seeing this persistent spam on your machine, make sure that you download a reputable anti-malware program that will help you with the detection of any threats associated with this malicious redirect and ensure further protection to yourself from other intruders and spammers.

Also, make sure you check out these other methods we have researched to help you further block this referrer spam from Google Analytics:

Method 1: Block it from your server.

In case your server is Apache HTTP Server, you may want to try the following directives to block Ranksonic(.)net domains in the .htaccess file:

# Refuse requests whose Referer header points at one of the spam domains.
RewriteEngine on
# [NC] makes the match case-insensitive; [OR] chains a condition to the next one.
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims\.com(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims\.ru(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims\.org(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims\.info(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims\.co(/|$) [NC,OR]
# The last condition must not carry [OR].
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?Copyrightclaims-for-website\.com(/|$) [NC]
# Answer matching requests with 403 Forbidden.
RewriteRule ^(.*)$ - [F,L]

Also here is a web link to some spam URLs being blacklisted from other servers:

Disclaimer: This type of domain blocking in Apache servers has not yet been tested and it should be done by experienced professionals. Backup is always recommended.

Method 2 – Via WordPress

There is a method outlined by security researchers online that uses WordPress plugins to block referrer spam from sites. There are many plugins that help deal with referrer spam; simply do a Google search. We have currently seen one particular plugin reported to work, called WP-Ban, but bear in mind that you may find an equally good or better one. WP-Ban has the ability to block users based on their IP address and other information, such as the URL.


In case you have been affected by clicking on one of the many Copyrightclaims(.)org referral URLs, it is recommended to scan your PC with an advanced anti-malware program more than once in order to determine whether or not your system is safe.


Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in the education of every user towards online safety and security.
