What is Dropbox.com?
Dropbox (dropbox.com) is a cloud storage service, specifically designed to host user files. Dropbox is a pioneering online file-hosting service, and one of the most popular services still in use today. This service allows its users to save, store, and synchronize their files in the cloud, akin to a virtual hard drive. Furthermore, users can access and share their files and folders on the web, mobile phones, and other applications that are connected to dropbox.com. The Wayback Machine estimates that dropbox.com was founded on December 26, 1996. However, as per dropbox.com’s timeline, the site was founded in 2007 by MIT students, Drew Houston and Arash Ferdowsi. Dropbox.com was created as a solution to saving and keeping files in synch, more simply and safely. As of January 2023, the site dropbox.com receives an estimated 151.3 million monthly views, according to Similarweb. This site’s traffic has been in an exponential growth phase since 2010, when the mobile applications of dropbox were released, having the most traffic during the pandemic years of 2020-2023.
Is Dropbox.com Safe?
I conducted a series of malware tests to find out if dropbox.com is safe and legitimate. The results are below:
I installed the Malwarebytes Browser Guard on my Edge browser and was able to browse the site dropbox.com without any issues.
To check this further I ran malware scans with Malwarebytes and Spybot on my computer after browsing this site dropbox.com and both returned no malware detection. In Addition, I ran a system-wide scan with Microsoft Defender on my computer and no malware was found.
To try to confirm that the site is clean, I checked the site dropbox.com on the online malware scanner Sucuri and it returned as scan failed. You can see the same here: https://sitecheck.sucuri.net/results/dropbox.com
According to Sucuri, the site dropbox.com is a medium security risk. Sucuri says it gave the medium security risk assessment because the scan was unable to run due to a conflict. However, no associated security vendors have blacklisted the site as malicious.
Some hardening improvements could be made such as solving the missing security headers listed below:
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’.
Missing security header to prevent Content Type sniffing.
Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
The ‘unsafe-inline’ keyword in Content-Security-Policy is not recommended. Consider using unsafe-hashes or nonces instead. Affected pages:
https://www.dropbox.com/ for Google’s UA
https://www.dropbox.com/ for iPad’s UA
Lastly, I ran another malware scan with VirusTotal on the domain dropbox.com and the scan returned that no security vendors have flagged the site as malicious. You can see the same here: https://www.virustotal.com/gui/domain/dropbox.com
In conclusion, the site dropbox.com is a medium security risk due to a conflict that caused the scan to fail, according to Sucuri. However, both Sucuri and VirusTotal report that no security vendors have deemed the domain dropbox.com as malicious.