⬇ Download as HTML File

Dollar General Corporation — Infrastructure Technology Matrix

dollargeneral.com  |  NYSE: DG  |  Analysis Date: June 30, 2026

Secure Gap Partial ℹ Info CF Opportunity
At-a-Glance — Who Runs What ⏰ AKAMAI $600K / 2YR ($300K/YR) — SEPT 2026 RENEWAL
DNS
Akamai
Edge DNS · 8+ years
CDN
Akamai
Replaced F5 · 18–24 mo ago
WAF
Akamai
Kona Site Defender
Bot Management
None
No bot protection in place
API Security
None
No API protection in place
Network DDoS
ISP-only (Lumen & AT&T)
F5 legacy still in place
Email Security
Proofpoint
+ MS Defender for Office 365
Identity / SSO
Microsoft Entra ID
+ Okta tenant active
DLP / CASB
Microsoft
Purview · Defender for Cloud Apps
AI / Data Platform
Google Cloud
Vertex AI · BigQuery · Looker
LLM Platforms
OpenAI + Anthropic
Both domain-verified
Cloud / CMS
Azure + GCP
Adobe AEM Cloud (CMS)
Core Infrastructure
AkamaiEdge DNS
Category
Managed DNS
Nameservers
6 Akamai NS
a1-61, a9-64, a12-64, a13-65, a20-66, a24-67.akam.net
DNSSEC
Not Enabled
CAA Records
None Published
IPv6 (AAAA)
None
Wildcard
Yes → 11.9.0.1
Est. Activation
~2018   High
CF Opportunity: 1-click DNSSEC, CAA mgmt, native IPv6, DNS analytics
AkamaiCDN (Ion / DSA)
Category
Content Delivery Network
Coverage
www.dollargeneral.com only
Via edgekey.net CNAME
HTTP/3
Supported (alt-svc)
Caching
Tiered "Hit from child"
Gaps
popshelf, order, portal, jobs — NO CDN
Header Leaks
x-served-by, akamai-grn, origin-name exposed
Est. Activation
~2018   High
CF Opportunity: Unified CDN across ALL properties, header stripping
AkamaiKona Site Defender (WAF)
Category
Web Application Firewall
XSS Test
Timeout (possibly blocked)
SQLi Test
NOT BLOCKED — HTTP 200
Path Traversal
302 redirect, not WAF block
Assessment
Likely monitor-only mode, not blocking
Coverage
Main site only
Est. Activation
~2018   High
CF Opportunity: Managed WAF rulesets, SQLi demo, ALL-domain coverage
None DetectedBot Management
Category
Bot Management
Status
No bot mgmt visible
JS Challenge
None observed
Bot Headers
None
Risk
Price scraping, credential stuffing (20K+ stores)
Note
Akamai Bot Manager may be licensed but not active
Confidence
Medium
CF Opportunity: Cloudflare Bot Mgmt — retail-specific protection
None DetectedAPI Security / Gateway
Category
API Security
API Gateway
None detected
Auth Leak
x-sky-isauth: 0 exposed
CSP Header
Missing
Permissions-Policy
Missing
Referrer-Policy
Missing
Confidence
High
CF Opportunity: API Shield, Transform Rules, API Gateway
Cloud, Hosting & Network
Microsoft AzurePrimary Cloud
Category
Cloud Hosting (Primary)
Services
App Gateway v2, App Service, Azure Front Door (popshelf)
IPs
20.44.80.191 (apex, prod, commerce, weeklyads, stores)
Origin Leak
Azure App Gateway header exposed
PopShelf
Cookie leak: ARRAffinity → pop-web-app.azurewebsites.net
Est. Activation
~2018–2020   High
CF Opportunity: Cloudflare in front of Azure — header stripping, caching, WAF
Amazon AWSSecondary Cloud
Category
Cloud Hosting (Secondary)
Services
EC2 (us-east-1)
IPs
52.72.202.63 (order.dollargeneral.com)
CDN/WAF
No CDN or WAF on ordering
Note
Different cloud from main site — separate team or acquisition
Confidence
High
CF Opportunity: Multi-cloud proxy — fronts Azure + AWS seamlessly
Dollar GeneralOn-Prem (AS22688)
Category
Self-Managed Network
ASN
AS22688 (DOLGENCORP)
IP Blocks
208.23.227.0/24
8.25.175.0/24
50.201.207.0/24
(768 total IPs)
Transit
Cogent, Lumen, Comcast, AT&T
DDoS
None — direct transit
Est. Activation
Pre-2010   High
CF Opportunity: Magic Transit for DDoS on 3 /24 blocks
Let's Encrypt / SectigoSSL/TLS Certificates
Category
Certificate Management
Edge Cert
Let's Encrypt R12 (DV)
Exp Jul 19, 2026
Origin Cert
Sectigo OV
Exp Sep 11, 2026
Dual CA
Two separate cert lifecycles
SAN Leak
author-prod, author-stage on origin cert
Confidence
High
CF Opportunity: Auto cert management, Advanced Certificate Manager
AdobeAEM Cloud (CMS)
Category
Content Management System
Frontend
React
Origin
AEM env ID exposed in headers
Analytics
Adobe Analytics (omtrdc.net)
A/B Testing
Adobe Target
Est. Activation
~2020–2022   High
CF Opportunity: Cloudflare works with AEM via standard origin pull
Email, Identity & Security
ProofpointEmail Security Gateway
Category
Email Security
MX
mxa/mxb-00155702.gslb.pphosted.com (pri 10)
DMARC
p=reject (strongest)
SPF
Soft fail (~all) — should be -all
DKIM
M365 + SendGrid selectors
Est. Activation
~2020   High
CF Opportunity: CF Email Security — complement or replace Proofpoint
Microsoft365 / Exchange Online
Category
Email & Collaboration
Tenant
dgcloud.onmicrosoft.com
Verification
MS=ms96978521
DKIM
selector1/selector2 active
Webmail
webmail-dgcloud.msappproxy.net (Azure AD App Proxy)
Est. Activation
~2018–2020   High
CF Opportunity: CF Access can replace Azure AD App Proxy
OktaSSO / Identity Provider
Category
Identity & Access
Tenant
dollargeneral.okta.com Active
Hybrid
Okta + Azure AD / Entra ID concurrent
VPN
Unknown — likely hardware
Zero Trust
Not a full ZT architecture
Est. Activation
~2020   Medium
CF Opportunity: Cloudflare One (ZTNA + SASE) — 20K stores, 190K employees
Twilio SendGridTransactional Email
Category
Transactional Email
Account
u3006497.wl248.sendgrid.net
DKIM
s1/s2 + smtpapi
Subdomain
ci.dollargeneral.com → sendgrid.net
Purpose
Order confirmations, receipts, notifications
Confidence
High
ServiceNowITSM
Category
IT Service Management
Instance
help → dgcsmdev (DEV!)
Risk
DEV instance publicly aliased as production help
Status
Possible misconfiguration
Note
"dgcsmdev" = Customer Service Mgmt DEV
Confidence
Medium
AI Platforms, SaaS & Third-Party Services
OpenAIAI Platform
Evidence
openai-domain-verification TXT record
Use Cases
Likely: chatbots, inventory AI, employee tools
Confidence
Confirmed
CF: AI Gateway for observability + rate limiting
AnthropicClaude AI
Evidence
anthropic-domain-verification TXT record
Use Cases
Likely: enterprise AI assistants, analysis
Confidence
Confirmed
CF: AI Gateway model routing + fallback
AtlassianJira / Confluence
Evidence
atlassian-domain-verification + sending-domain TXT
Purpose
Project mgmt, wiki, email notifications
Confidence
Confirmed
DocuSignE-Signature
Evidence
docusign TXT verification
Purpose
Contract & document signing
Confidence
Confirmed
SmartsheetProject Management
Evidence
smartsheet-site-validation TXT
Purpose
Project tracking, collaboration
Confidence
Confirmed
MongoDB / LiveRampData Platforms
Evidence
mongodb + liveramp site-verification TXT
Purpose
Database (Atlas), data connectivity (LiveRamp)
Confidence
Confirmed
Subsidiaries & Sister Domains
popshelf.comDG Subsidiary
DNS
Akamai NS
Hosting
Azure Front Door + App Service (Next.js)
WAF/CDN
NONE — zero edge protection
Cookie Leak
ARRAffinity → pop-web-app.azurewebsites.net
Email
Same Proofpoint as DG
Confidence
High
CF Opportunity: IMMEDIATE — unprotected subsidiary, easy quick win
dgcustomerfirst.com VERIFY — CF HEADERS DETECTED
DNS
Cloudflare NS detected carter.ns.cloudflare.com
Stack
WordPress / LiteSpeed
CF Headers
server: cloudflare, cf-ray header present in scan
Ownership
May be 3rd-party managed — NOT confirmed as DG-owned CF account
Action
Verify whether DG controls this domain or if it's a vendor site
Confidence
Medium — needs verification
Note: CF headers confirmed in DNS scan but DG may not have an active CF account
dg.comShort Brand Domain
DNS
Same Akamai NS
Hosting
Azure (20.44.80.191) — same as apex
SSL
Sectigo OV (on origin cert SAN)
Purpose
Brand shortcut domain
Status
Properly configured
Confidence
High
dollargeneral.org NOT DG-CONTROLLED
DNS
HastyDNS (not enterprise)
Hosting
69.162.80.61 (suspicious)
Risk
HIGH — phishing vector
Action
DG should acquire or file UDRP dispute
Confidence
Medium
CF Opportunity: CF Registrar for domain consolidation
Other Brand DomainsMixed Status
dgnow.com
Parked (CashParking)
dgme.com
TopDNS — employee portal, conn refused
dgdelivers.com
Namecheap — purpose unclear
dgwellbeing.com
On www cert SAN — employee wellness
hereforwhatmatters.com
On www cert SAN — brand campaign
Confidence
Medium
CF Opportunity: Registrar consolidation for all DG domains
Legacy Infrastructure & Shadow IT
Microsoft Lync/SfB Legacy UC in DNS
Endpoints
lyncdiscover → gvlsfeext.dollargeneral.com
sip → 208.23.227.172
meet → 208.23.227.177
Decoding
GVL=Goodlettsville, SFE=SfB Front End, EXT=External
Risk
HIGH — exposes on-prem to scanning
Status
Replaced by Teams; DNS never cleaned up
ServiceNow DEV DEV as Production
Finding
help.dollargeneral.com → dgcsmdev.service-now.com
Risk
HIGH — DEV config exposed
Note
"csmdev" = Customer Service Mgmt DEV
Fix
Point to production SNOW instance
QA Environment Staging Exposed
Finding
qa.dollargeneral.com → edgekey.net (on CDN)
Risk
MEDIUM — staging publicly accessible
Also
author-prod, author-stage, stage on cert SAN
Fix
Restrict to IP allowlist or auth
Header / Origin Leaks Info Disclosure
AEM Origin
publish-p137762-e1400902.adobeaemcloud.com
Azure
Microsoft-Azure-Application-Gateway/v2
Akamai
akamai-grn, x-served-by, x-timer
Cache
cache-control: public, private (contradictory)
Domain Expiration ALERT
Domain
dollargeneral.com
Registered
August 19, 1996
Expires
Aug 18, 2026 (~7 weeks!)
Registrar
CSC Corporate Domains (likely auto-renew)
Competitive Landscape — Who Uses What
Dollar Tree / Family Dollar$30B Revenue
DNS
Akamai
CDN
Akamai (GHost / NetStorage)
Cloudflare?
No
Five BelowValue Retail
DNS
CSC DNS
CDN/WAF
Cloudflare
Cloudflare?
FULL STACK — best peer reference
Walmart$648B Revenue
DNS
Akamai
CDN
Akamai
Cloudflare?
No
Target$107B Revenue
DNS
Akamai
CDN
Fastly
Cloudflare?
No
Tractor Supply / Big Lots / ALDIAdjacent Retail
DNS
Akamai / CSC
CDN
Akamai / CloudFront
Cloudflare?
No
Top 5 Cloudflare Sales Entry Points
#1 — PopShelf.comCDN + WAF + Bot Mgmt
Subsidiary with zero WAF/CDN. Origin cookies leaking. Azure exposed. Quick win — doesn't touch Akamai contract.
Urgency
IMMEDIATE
#2 — On-Prem DDoSMagic Transit + Spectrum
3 /24 blocks (AS22688) with no DDoS scrubbing. Direct transit. Portal, jobs, SIP exposed.
Urgency
HIGH
#3 — AI GatewayAI Gateway
Confirmed OpenAI + Anthropic via TXT. AI Gateway: observability, caching, rate limiting, model routing.
Urgency
STRATEGIC
#4 — Zero Trust / SASECloudflare One
20K stores, 190K employees. Okta + Azure AD but no ZTNA. WARP + Gateway for store network.
Urgency
STRATEGIC
#5 — Email SecurityCF Email Security
Proofpoint incumbent but SPF soft fail (~all). CF Email Security as complement or displacement.
Urgency
COMPETITIVE