Seeing LeadsGo.io Spam in Your GA4? Here’s How to Block It

Home » Notes » Seeing LeadsGo.io Spam in Your GA4? Here’s How to Block It
This post may contain affiliate links. If you buy something through these links I will receive a commission (at no additional cost to you). I personally hand-test everything that I promote, and I only link to services and products that I like.
leadsgo.io referral spam in GA4 Analytics

Just opened GA4 and saw leadsgo.io in your referral report?

Yeah, me too.

It’s not a real visitor. It’s not a potential lead. Leadsgo.io is the latest clown car of referral spam driving straight through your analytics, and it’s completely useless.

They’re not actually visiting your site. They’re pinging the GA4 measurement protocol directly to get their name in your reports, hoping you’ll get curious and visit their domain. Don’t.

Why Spam Referral Traffic Matters

  • It inflates your traffic. Makes you look more popular than you are, which is a lie.
  • It wrecks your metrics. All this junk traffic has a 100% bounce rate and 0s session duration, tanking your engagement stats and making real analysis a nightmare.
  • It wastes your time. You should be analyzing real user behavior, not filtering out ghost traffic.

The Fix (No Fluff)

GA4’s built-in bot filtering is clearly not catching this. So you have to do it yourself. It takes two minutes.

  1. Go to Admin.
  2. Under Data collection and modification, click Data Streams.
  3. Click on your web stream.
  4. Under Google tag, click Configure tag settings.
  5. Click Show all, then click List unwanted referrals.
  6. Under Match type, select Referral domain contains.
  7. Under Domain, type leadsgo.io.
  8. Click Add condition.
  9. Click Save.

That was just for Analytics if they are using their website as a referral to spam you, meaning the traffic comes from leadsgo.io > to your site. However, as I soon found out, even if I block them via unwanted domains in GA4 Data Stream, they will soon hit you with utm_source spam that comes from YOUR OWN DOMAIN.

That means you won’t be able to add your own domain to unwanted referral traffic (I mean you could I guess), but the spam now takes a new form from referral to source via the UTM tags. So in essence they attach something like this to your domain:

?utm_source=leadsgo.io&utm_medium=referral&utm_campaign=leadsgo.io

and now that becomes: yourdomain.com/?utm_source=leadsgo.io&utm_medium=referral&utm_campaign=leadsgo.io

And when they use that via their traffic botting software, your GA4 analytics is wrecked again even if you did all the GA4 exclusion from previous step-by-step.

So what to do?

Simple, block them from server directly, either via htaccess rules, or from Cloudflare (if you use it). So if you use Cloudflare all you have to do is:

  1. Log in to Cloudflare
  2. Select your domain name
  3. Go to the security tab on the left side and click on Security Rules
  4. Create a new rule (you got a couple for free)
  5. Select URI, and then use “contain” and for the value the path that I wrote above.
  6. Click Save
block leadsgo.io spam in cloudflare

That’s it.

This blocks it from showing up from now on. It won’t clean your historical data. For that, you’ll have to build a segment in your Exploration reports to exclude Referral source = leadsgo.io when you’re looking at past performance. Annoying, but necessary.

It’s 2025 and we’re still playing whack-a-mole with referral spam. You’d think Google could get ahead of this, but apparently not.

Alright, rant over. Go fix your data.

P.S: I’m irritated that I had to create this post and give them even more exposure.

Share:

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *