Box (box.com and formerly box.net) is a file-sharing website. A large percentage of Box users are businesses due to the company’s pricing structure. Subsequently, if you’re the average internet user, you may not hear about it before you learn other names such as Mega and Dropbox. Box gets new users by offering products and solutions for businesses.

Box was cofounded by Aaron Levie, Dylan Smith, Jeff Queisser, and Sam Ghods. Box struggled to grow as a company until Mark Cuban invested $350,000 in 2005. The Wayback Machine shows the domain box.net was originally used in January of 1998, suggesting it may have been acquired by Aaron Levie, the cofounder believed to have started the project, at a later date. According to Wikipedia, Box wasn’t founded by Aaron Levie until 2005, suggesting he bought the domain box.net with some of the funding of Mark Cuban.

As of February 2023, the site box.com has 44.7 million monthly views, according to Similar Web. The Wayback Machine estimates box.com was founded on February 29, 2000. The Internet Archive has saved box.com 22,480 times between February 29, 2000 and December 3, 2023.

Is box.com Safe?

I analyzed box.com for malware and malicious content to check if it was legit or a scam. Here are the results:

I checked box.com on Sucuri, and it returned with no issues. Results: Sucuri scan for the site box.com.

Box.com Sucuri results

Security hardening flaws:

  • Missing security header for ClickJacking Protection. Affected pages:
    https://box.com:443/404javascript.js
    https://box.com:443/404testpage4525d2fdc
    https://www.box.com/CHANGELOG.txt
  • Missing security header to prevent Content Type sniffing. Affected pages:
    https://box.com:443/404javascript.js
    https://box.com:443/404testpage4525d2fdc
    https://www.box.com/CHANGELOG.txt

I then ran a parasite scan with Unmask Parasites on box.com and it found 2 suspicious inline scripts and 1 hidden external link. Results: Unmask Parasites scan for the site box.com.

I have listed them below:

Hidden link:

https://segment-box.com/?key=9mEaWAAXfspF6epYVozDiTF43jJErnJl

Long suspicious script:

(window.NREUM||(NREUM={})).init={ajax:{deny_list:["bam.nr-data.net"]}};(window.NREUM||(NREUM={})).loader_config={xpid:"VQ...

Long suspicious script:

(function(){var js = "window['__CF$cv$params']={r:'7a50b7919acace40',m:'0rndNVPP2I3vkbHGoCw86k.SIT4MnjadE4gjR5sDVvc-16783...

I also checked box.com on VirusTotal, and it is clean. Results: VirusTotal scan for the site box.com.

Box.com VirusTotal results

In conclusion, box.com doesn’t have malware and is a low security risk according to Sucuri. Unmask Parasites did find a suspicious link and 2 suspicious long scripts. No security vendors on VirusTotal or Sucuri have flagged box.com as malicious. OVERALL GRADE: Relatively Safe.

Links and Profiles

Website: box.com

References

1. SimilarWeb – box.com

2. Wayback Machine – box.com