indexo.dev

bimtrackapp.co

.co crawl

First seen 2026-04-13 · Last seen 2026-05-06 · ok HTTP/1.1 200 960 ms crawled 2026-05-06

FR · 51.103.39.38 · AS8075 Microsoft Corporation

Reputation 97/100 dmarc monitor-only

Classifying

HTML metadata

Title
Newforma Konekt
Language
en

Technology

Third-party hosts loaded (3)

  • bt02storage.blob.core.windows.net×2
  • www.google.com×1
  • www.newforma.com×1

DNS records live

NS
  • ns-1121.awsdns-12.org
  • ns-2010.awsdns-59.co.uk
  • ns-6.awsdns-00.com
  • ns-928.awsdns-52.net
MX
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 30 alt2.aspmx.l.google.com
  • 40 aspmx2.googlemail.com
  • 50 aspmx3.googlemail.com
TXT
  • google-site-verification=-pvThdZvoKTZCV6Dft9h8VnIU0EGyyUZ3UO9bk_FCD0

Email authentication strong

SPF
v=spf1 include:sendgrid.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:dmarc.rua@bimtrackapp.co
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Go Daddy Secure Certificate Authority - G2
from 2025-11-26 to 2026-12-28
Expires in 223 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://auth.bimtrackapp.co/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3D862d3f0300e34059865502e15eb2c09d%26redirect_uri%3Dhttps%253A%252F%252Fbimtrackapp.co%252F%26response_type%3Dcode%26scope%3DBIMTrack_Website%2520PIMTrack_Api%2520BIMTrack_Api%2520openid%2520email%2520profile%2520offline_access%2520FileManagement_Api%2520DocumentControl_Api%2520ShareCenter_Api%2520SubscriptionService_Api_Read%2520CommunicationsChannels_Api%2520ViewerService_Api_Settings%2520ViewerService_Api_Files%2520ViewerService_Api_Files_Download%2520ViewerService_Api_SavedViews%2520UserManagementService_Api%2520ProjectService_Api%2520DeltekIntegration_Api%2520External_Access_Token%26code_challenge%3Do5X_FQopHicZKqLiyYAwK10NaE-__Sq5R6S4PyzMP80%26code_challenge_method%3DS256%26state%3DOpenIdConnect.AuthenticationProperties%253D0dJigyByKG_gxPcSdiPcMFPh4CY_mSety3kpnAo2zkpLah-7GKT_80sOcqoLoIe2_oO9gCbld50f_xHzjzOAXHau5gKJG1aQ5fnOxwbVzNB3KVlonB0UoRxgpArJhHeGpjreLWN-Wfpkn597PMq1kjKGtEinYXnEJsXl0WXD8Gk8PpbjC6ZlHlVpbfRmozjDaXUVxWXy-HE4gpp5IyRyyRi--iozqcZhMde1w_uSEXsWPl_3pTGYMEPkTcn6H47ytEccVEOpL6zgFd1Q2bCwMA%26response_mode%3Dform_post%26nonce%3D639136957250884683.N2YyMmQxNjAtMWU0OC00YTQxLTliNzMtZWYzZTExMmIwZjhkYTA5NWRiYTMtNjZmNC00OThjLThkZjYtYjZhNDQxZTMxMWZm%26x-client-SKU%3DID_NET472%26x-client-ver%3D6.34.0.0

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=()
x-content-type-options
nosniff
content-security-policy
default-src https://dc.services.visualstudio.com/v2/ https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://newforma.my.site.com/ https://newforma.my.salesforce-scrt.com/ https://*.zopim.com wss://*.zopim.com 'self'; style-src 'self' 'unsafe-inline' https://newforma.my.salesforce-sites.com https://newforma.my.salesforce.com https://newforma.my.site.com/ https://service.force.com; object-src 'none'; script-src https://az416426.vo.msecnd.net https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.newforma.com/ https://bimtrack.co/ https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://bimtrack.zendesk.com wss://bimtrack.zendesk.com https://service.force.com https://newforma.my.salesforce-sites.com https://newforma.my.sales
strict-transport-security
max-age=31536000; includeSubDomains

Links to (1)

Linked from (1)