What Is dropbox.com?

Dropbox (dropbox.com) is a cloud storage service, specifically designed to host user files. Dropbox is a pioneering online file-hosting service, and one of the most popular services still in use today. This service allows its users to save, store, and synchronize their files in the cloud, akin to a virtual hard drive. Furthermore, users can access and share their files and folders on the web, mobile phones, and other applications that are connected to dropbox.com. The Wayback Machine estimates that dropbox.com was founded on December 26, 1996. However, as per dropbox.com’s timeline, the site was founded in 2007 by MIT students, Drew Houston and Arash Ferdowsi. Dropbox.com was created as a solution to saving and keeping files in synch, more simply and safely. As of January 2023, the site dropbox.com receives an estimated 151.3 million monthly views, according to Similarweb. This site’s traffic has been in an exponential growth phase since 2010, when the mobile applications of dropbox were released, having the most traffic during the pandemic years of 2020-2023.

Links and Profiles

Website: dropbox.com

Is dropbox.com Safe?

I analyzed dropbox.com for malware and malicious content to check if it was legit or a scam. Here are the results:

I checked the site dropbox.com on the online malware scanner Sucuri and it returned as scan failed. You can see the same here: Sucuri scan for the site dropbox.com.

Dropbox.com Sucuri results

See also: How To Stay Safe Online

According to Sucuri, the site dropbox.com is a medium security risk. Sucuri says it gave the medium security risk assessment because the scan was unable to run due to a conflict. However, no associated security vendors have blacklisted the site as malicious.

Some hardening improvements could be made such as solving the missing security headers listed below:

  • Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.
  • Missing security header to prevent Content Type sniffing.
  • Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
  • The ‘unsafe-inline’ keyword in Content-Security-Policy is not recommended. Consider using unsafe-hashes or nonces instead. Affected pages:
    https://www.dropbox.com/ for Google’s UA
  • The ‘unsafe-eval’ keyword in Content-Security-Policy is not recommended. Please consider fixing the JavaScript code.. Affected pages:
    https://www.dropbox.com/ for iPad’s UA

However, these hardening improvements don’t impact the Sucuri grade.

To check this further I ran a parasite scan with Unmask Parasites on the site dropbox.com and it says the page is suspicious. You can see the same here: Unmask Parasites scan for the site dropbox.com.

Unmask Parasites cites 1 suspicious inline script and 1 hidden external link found.

Long suspicious script:

(function(){"use strict";const PerfTimer="object"==typeof performance&&"function"==typeof performance.now?performance:Dat...

Hidden link:

https://www.docsend.com/dropbox-integration/?utm_source=dropbox%20referral&utm_medium=referral&utm_campaign=hp-jtbd&signup_source=hp-jtbd

I also checked the domain dropbox.com on VirusTotal and the scan returned that no security vendors have flagged the site as malicious. You can see the same here: VirusTotal scan for the site dropbox.com.

Dropbox.com VirusTotal results

In conclusion, the site dropbox.com is a medium security risk due to a conflict that caused the scan to fail, according to Sucuri. However, both Sucuri and VirusTotal report that no security vendors have deemed the domain dropbox.com as malicious. Overall grade: Relatively Safe.

References

1. SimilarWeb – dropbox.com

2. Wayback Machine – dropbox.com