Over the years, we've seen file hosting being abused to house malicious payloads that are either downloaded by a "dropper", or are used in the likes of drive-by attacks.
One of the most common ones abused today, is of course, dropbox.com. However, over the past 24 months, I formed a fantastic relationship with them that has proven extremely effective in getting the malware removed extremely quickly. One of the methods criminals such as those at hackforums.net, are using to get past this, is by setting up their own dedicated file hosts. Just some off the top of my head include;
I've been successful in getting a few suspended, and others not so successful (yet), thanks in part, to lack of co-operation from the likes of eNom, NameCheap and CloudFlare etc. Some that have been suspended, such as filehold.net, have re-appeared elsewhere and re-suspended, and as of 24-48 hours ago, re-appeared yet again.
The latest to be suspended, is dlandexe.com, which kept allowing and encouraging, malicious files to be uploaded (not surprising, the owner of the site is an active member of a blackhat forum).
The blackhat scanners these use to check if their file is detected, includes;
If you've not already got a block on the above file hosts, I'd strongly recommend you do so. Other sites they're using, aside from dropbox.com, include;