Spike in visits and clicks from Ashburn, VA, including ~2,000 visits in a single day, initially during Meta ads and continuing even after ads were paused; a Klaviyo email send also triggered apparent fake clicks.
Prior actions: Reached out to Shopify and Meta support without resolution. The pattern suggests bot or automated traffic concentrated in a single location.
Context provided: Ashburn hosts major data centers (notably Amazon Web Services, AWS), which can make a disproportionate amount of automated or proxy traffic appear to originate there. While some Ashburn traffic can be normal, the reported volume is unusually high.
Advice given: Consider excluding Ashburn-origin traffic from analytics reports and keep monitoring for further spikes. No definitive cause identified and no technical fix confirmed.
Status: Ongoing issue; key questions about the true source and mitigation remain unanswered.
Summarized with AI on December 22.
AI used: gpt-5.
Anyone getting inundated with traffic/engagement from Ashburn, VA? I was running Meta ads all summer and then one week I ended up getting a ton of traffic from Ashburn, VA (like 2k visits in the same day). I’ve battled with Shopify and Meta support to try and resolve with no luck.
Just today, after stopping my Meta ads last week, I sent an email (Klaviyo) and it looks like I’m getting bombarded from Ashburn again, and even getting fake clicks on my email!
Ashburn houses major data hubs and servers including Amazon AWS. So normally I would say just dismiss it and exclude it from your analytics reports. 2000 is a bit much though for a single day. Just keep an eye on it.
The advice you received to simply “exclude Ashburn from your analytics” is actually dangerous for your marketing strategy.
The root cause here isn’t just that your Shopify dashboard numbers are inflated. The real architectural issue is that your Meta Pixel and Klaviyo algorithms are actively training on this bot data. If 2,000 bots entered via an ad, your Pixel now believes that bot profile represents your “ideal customer.” Meta will subsequently optimize your ad spend to find more “people” like that (i.e., more bots), essentially burning your budget to train the algorithm against you.
Regarding the email clicks, those are likely automated security scanners (often hosted in AWS us-east-1 data centers in Ashburn) checking your links for phishing before delivering the email.
Shopify Support typically cannot resolve this because it is not a platform bug; it is an external traffic quality issue. To stop the budget bleed, you need to stop the tracking events from firing, not just hide them in a report:
Log Forensics: This usually requires exporting raw access logs and running them through a Python analyzer to identify the specific User-Agents and IP CIDR ranges.
Data Center Filtering: Ashburn traffic is almost always AWS us-east-1. You need to identify which specific subnets are hitting you.
Conditional Script Loading: The solution is to wrap your Meta Pixel and analytics scripts in a custom logic block. This block checks the visitor’s IP against the known bot ranges and prevents the tracking script from initializing if there is a match.
This approach ensures that while the bots might still hit the site, they remain invisible to your marketing algorithms and do not skew your optimization data.
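A sketch of the log-forensics and subnet-identification steps described in the reply above, added here as an example and not code from any poster in this thread. It assumes access logs in Combined Log Format; the sample lines and the data-center ranges are constructed (RFC 5737 documentation addresses), and the function name `summarize` is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed stand-ins for data-center ranges (RFC 5737 documentation blocks).
# For real use, take the us-east-1 prefixes from AWS's published ip-ranges.json.
DATACENTER_RANGES = [ipaddress.ip_network(c)
                     for c in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed sample log: four data-center hits, two ordinary visitors, one bad line.
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /products/a HTTP/1.1" 200 512 "-" "HeadlessChrome/120.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /products/b HTTP/1.1" 200 498 "-" "HeadlessChrome/120.0"
198.51.100.99 - - [01/Jan/2024:10:00:02 +0000] "GET /cart HTTP/1.1" 200 130 "-" "python-requests/2.31.0"
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 900 "-" "HeadlessChrome/120.0"
203.0.113.200 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0 (iPhone)"
192.0.2.55 - - [01/Jan/2024:10:00:05 +0000] "GET /products/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0)"
truncated line with no fields
'''

def summarize(log_text, ranges=DATACENTER_RANGES, prefix_len=24):
    """Count hits per subnet and per User-Agent for IPs inside `ranges`."""
    subnets, agents, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            ip = None
        if ip is None:
            skipped += 1          # malformed line or unparsable address
            continue
        if ip.version != 4 or not any(ip in net for net in ranges):
            continue              # not in a listed data-center range
        subnet = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        subnets[str(subnet)] += 1
        agents[m["ua"]] += 1
    return subnets, agents, skipped

if __name__ == "__main__":
    subnets, agents, skipped = summarize(SAMPLE_LOG)
    for net, hits in subnets.most_common():
        print(f"{net:20} {hits} hits")
    for ua, hits in agents.most_common():
        print(f"{hits:4} {ua}")
    print(f"skipped {skipped} unparsable line(s)")
```

The per-subnet counts show which ranges carry the volume, and the User-Agent counts show whether the hits come from headless browsers or scripted clients rather than ordinary visitors.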
Thank you for this detailed reply; it makes sense. However, I do not know anything about the solution you mentioned, so how do I go about performing the tasks below:
Log Forensics: This usually requires exporting raw access logs and running them through a Python analyzer to identify the specific User-Agents and IP CIDR ranges.
Data Center Filtering: Ashburn traffic is almost always AWS us-east-1. You need to identify which specific subnets are hitting you.
Conditional Script Loading: The solution is to wrap your Meta Pixel and analytics scripts in a custom logic block. This block checks the visitor’s IP against the known bot ranges and prevents the tracking script from initializing if there is a match.
For your situation, the simplest and safest first step is Cloudflare. In most cases, this is enough and does not require any coding.
The setup is straightforward:
DNS: Route your domain through Cloudflare (the Free plan is usually sufficient).
WAF Rules: Create a Firewall rule to challenge traffic from ASN 16509 and ASN 14618. These ASNs belong to Amazon AWS and are commonly used by scanners in Ashburn.
Bot Fight Mode: Enable this in the security settings.
This blocks the traffic before your store loads, so your Meta Pixel and email tracking never fire.
Try this first. If it does not fully stop the issue or the bots adapt, only then does it make sense to move on to more complex, code-based solutions.