network-programmingrum

What is dca0.com and why is our site making GET requests to subdomains of dca0.com?


So we are using some RUM metrics on our site now, and one error that has started cropping up is as follows:

XHR error GET https://l9.dca0.com/srv-id/?uid=a1729baf-1b2b-1c5c-b50a-bfb5d1bf04e8
Failed to load

Additionally, here's a screenshot of our RUM metrics showing a series of these errors: dca0.com subdomain errors

I've touched base with everyone on my team and we do not know what dca0.com is or why multiple different subdomains are being called. I did do a fair amount of googling and was not able to find anything on that url beyond some WHOIS lookups that yielded no useful info.

Does anyone know what this url is, what its used for? As best I can tell, this error only comes from devices running Apple operating systems, either iOS or Mac OS. Is this perhaps some kind of Mac functionality that I'm unfamiliar with?

Any help is appreciated, even just a thread to pull on as I'm at a wall on this topic!


Solution

  • After some intensive debugging I found this related to one of our marketing services: Adroll. I would check if you have the same or similar retargeting services.

    I was able to confirm that this is an XHR request made after the site loads. This is why it is tricky to find via normal methods. RUM metrics does a nice job capturing this.

    From the findings, this looks to be an event tracker. Likely a collector for augmenting an ad farm.

    Doing a Whois lookup for this domain returns a private registration. Tracing this IP back returns various AWS points in Oregon and California (can be routed through many more). This is typical of this type of tracker.