It's referrer spam. They loop through every possible ID number of Google Analytics profiles - recording hits without visiting your site at all. Remove them by adding a filter to a view that only includes hits from known hostnames - your site, search engine caches, payment processors etc.

Depending on your site, you may see days where there are hundreds of hits like this. For lower traffic sites, referrer spam makes up a significant proportion of GA hits. For instance, try creating a new analytics account, but never installing the code. Over time, you'll have a record of all the referrer spammers.

Thank you.

I see now that in GA it has to be manually configured while some other analytics platforms maintain the list of spammers.

Yes indeed. The process I follow is to have a view that records everything, and then more specific views that remove bad data. A pain is that filters only apply to future traffic, which means you end up with good data that only starts from when you add the right filters.

Interestingly, it does not show up in Piwik reporting.

The simplest explanation is that, since piwik lives on your own server, the spammers are getting blocked comprehensively through whatever tools you normally use-- IP, UA, referer, headers and so on.

spammers are getting blocked comprehensively through whatever tools you normally use

I got a sign that says "Beware of Dog!"



While GA and Piwik do provide useful aggregated info about your site traffic, IMO it is absolutely necessary to manually examine the raw server logs each and every hour, every day. If you don't, there are too many things you're missing.

These particular spammers don't hit your site - they just make the requests directly to Google using random UA-xxxxxx codes. Because they don't hit the site, they will send either an empty or faked hostname which is how they can be filtered out of GA reports. Piwik and other trackers either have protection built-in, and/or are too small a target to warrant sending fake hits to.

Google should be filtering this type of spam out - not webmasters.

It's clearly widespread.

Google should be filtering this type of spam out

I don't see how they can. Sure, there should be a setting where you, the individual user, can list IPs to ignore, so you can let it match your own IP-based lockouts. (If they can't physically get to your site, there's no point in telling Analytics you were there, because you already know it isn't true.) And then further settings for other types of requests to ignore-- the more settings, the better. But a third-party analytics program can't unilaterally block any category of request on their own initiative, because what if your own site doesn't block those requests?

The simplest explanation

Actually I found that Piwik itself maintains the list and filters such out. I wasn't aware of it. :o