Secure · Private · No Logs
File hosting
without fear
Upload PHP, SVG, binaries — anything. Files are never executed, always force-downloaded. Treated as inert binary objects.
Drop file here
or click to browse
.php.svg.pdf.zip.tar.gz.rar.7z+more
Max size: 85 MB
No PHP runtimeSVG sanitized server-sideSHA-256 verifiedChunked streaming85MB max
Security model
Zero Execution
PHP, shell scripts, SVG — everything is stored as raw binary. No interpreter ever touches uploaded content.
Force Download
Every file is served with Content-Disposition: attachment and Content-Type: application/octet-stream. Browsers can't render it inline.
Chunked Upload
Files are split into 5MB chunks, uploaded sequentially, and verified with a SHA-256 checksum on the server.
Isolated Subdomain
Downloads happen on files.drughost.pl with a strict CSP of default-src 'none' — completely isolated from the main app.
How it works
Upload→Sanitize→SHA-256→Storage→Force DL