What is VK.com?
VK (vk.com), which is short for VKontakte (in Contact in Russian), is the largest social media network in Russia and the CIS (Commonwealth of Independent States). VK was founded by Pavel Durov and incorporated in January 2007 as an audio and video platform. In July of the same year, vk.com reached a user base of 1 million and 10 million in the following years. With its headquarters in St. Petersburg, VK has become the most popular social network service with approximately 100 million monthly active users as of 2022. Some of the features offered by VK.com are a messaging system, news, calls with no limits, video, and monetization for content creators and music, to mention a few. Additionally, VK is available in multiple languages and offers a tool to manage online community pages as well as celebrity ones.
According to Similarweb, as of February 2023, the site vk.com receives an estimated 1.2 billion monthly views. The Wayback Machine determines that vk.com was founded on May 11, 2000, but as per VK’s history, it was released to the public in 2007. Traffic for the site vk.com started to skyrocket in 2011 and has been on a steady incline since.
Website: https://vk.com/
Is VK.com Safe?
I conducted a series of malware tests to find out if vk.com is safe and legit. Here are the results:
I installed the Malwarebytes Browser Guard on my Edge browser and was able to browse the site vk.com without any issues.
To check this further I ran malware scans with Malwarebytes and Spybot on my computer after browsing the site vk.com and they returned no malware detection. I also ran a system-wide scan with Microsoft Defender and no malware was found.
To try to confirm that the site is clean, I also checked the site vk.com on the online malware scanner Sucuri and it returned with no issues. You can see the same here: https://sitecheck.sucuri.net/results/https/www.vk.com
Vk.com has been graded as a low security risk by Sucuri. Further, the site has not been blacklisted by any of the 9 blacklists checked.
Some hardening improvements can be made by solving the missing security headers as follows:
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors ‘none’. Affected pages:
https://browser.ru/v3/atr2/?_1lr=0-3245029_2013344_505021&utm_content=atom&utm_medium=banner&utm_campaign=ExpVKGameLine_all_all_all_standart&utm_source=vk&rfr=505021
https://vk.com/404javascript.js
https://vk.com/404testpage4525d2fdc
https://www.google.com/chrome/Missing security header to prevent Content Type sniffing. Affected pages:
https://browser.ru/v3/atr2/?_1lr=0-3245029_2013344_505021&utm_content=atom&utm_medium=banner&utm_campaign=ExpVKGameLine_all_all_all_standart&utm_source=vk&rfr=505021
https://m.vk.com/ for iPad’s UA
https://vk.com/404javascript.js
https://vk.com/404testpage4525d2fdcMissing Strict-Transport-Security security header. Affected pages:
https://browser.ru/v3/atr2/?_1lr=0-3245029_2013344_505021&utm_content=atom&utm_medium=banner&utm_campaign=ExpVKGameLine_all_all_all_standart&utm_source=vk&rfr=505021
https://vk.com/404javascript.js
https://vk.com/404testpage4525d2fdc
https://www.google.com/chrome/Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
The ‘unsafe-inline’ keyword in Content-Security-Policy is not recommended. Consider using unsafe-hashes or nonces instead. Affected pages:
https://m.vk.com/ for iPad’s UA
https://www.mozilla.org/en-US/
On a positive note, no malware was found during its scan and vk.com has a website firewall in place to protect against hacks.
I also ran a parasite scan with Unmask Parasites on the site vk.com and it states that the page seems to be clean. You can see the same here: https://unmask.sucuri.net/security-report/?page=vk.com
Lastly, I ran a malware scan with VirusTotal for the domain vk.com and 1 of the 90 security vendors has flagged the domain as malicious. You can see the same here: https://www.virustotal.com/gui/domain/vk.com
It’s always unfortunate when a security vendor deems a domain as malicious. However, 1 out of 90 still is a very low score.
In conclusion, the site vk.com is a low security risk and does not have malware according to Sucuri. Moreover, it is also clean of parasites and only 1 of 99 security vendors, associated with Sucuri and VirusTotal, has deemed the domain as malicious.