We have an Indian e-commerce website, where about 85% of the traffic comes from India only. I've been watching access logs for the last 2 months and I discovered that almost 50% of the traffic came from a single IP address (18.104.22.168) and that it does not seem like to be false. Since a wide variety of user agent channels are used and our loyal customers (who have already placed orders) also pass through this IP address.
By verifying this IP information, it belongs to – United States – NY – Rochester – Rochester General Hospital. And customers placing orders via this IP address are native to India.
However, Google Analytics shows no difference. I mean that it still indicates about 85% of the traffic coming from India. But based on this IP location, it should also display more than 50% of the traffic coming from the United States.
The website is hosted on AWS EC2, behind an ELB. And I do not think it's an AWS IP address, because the remaining 50% traffic has mixed IP addresses.
My questions are:
- What could be the possible reason for this change?
- Is this IP address hidden? I mean, is it possible to know the real IP behind this?
Tracking IP addresses is part of our job of identifying fake paid traffic to block it. But for this reason, it becomes impossible to block it.