Free hosting services are increasingly abused as distribution infrastructure for web-based attacks. Their low cost, minimal identity verification, and permissive defaults allow attackers to host malicious files anonymously, replicate them across domains, and retain availability despite takedowns. In this paper, we present the first systematic study of malicious file distribution via free hosting providers. We analyze 109 services and identify 36 whose free tiers enable low-effort public file hosting across shared hosting, website builders, and object storage. Using an automated framework, we deploy 57 representative malicious files to 17 providers and monitor their availability for 37 days. Our results show that large-scale automated uploads are feasible on many platforms and that provider-side mitigation is limited. Only 21% of files are removed proactively, and while abuse reports trigger removals at some providers, responses are inconsistent and incomplete: 30% of files remain accessible after repeated notifications. Overall, malicious content on free hosting platforms often persists for weeks, highlighting a largely under-mitigated and scalable attack surface in today’s web infrastructure.
GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)
2026-07-01
2026-06-25