What is this?

This domain used to be a proxy URL for Kirka. It expired last year and remained unregistered until now (January 2026).

While recently looking into Kirka clients and their safety, I noticed an issue most of them share: the Kirka webpage is loaded with Electrons nodeIntegration enabled and contextIsolation disabled. This means the webpage can access Node.js directly. This allows the webpage to execute Node.js code on the users machine, including reading files, deleting files and installing software.

This becomes dangerous if XSS vulnerabilities are found or if the Kirka domain/a proxy domain themselves serve malicious code. There are many potential ways for this to happen, for example if a domain is taken over or if a domain is abandoned and the new owners have malicious intentions. In any of those cases, bad actors are able to gain system access if a user sets their proxy URL to the one taken over and then loads the now malicious webpage.

Cloudyfrogs.com was still an option in multiple Kirka clients, meaning anyone could have registered this domain and hosted malicious code for nearly a year. To mitigate this issue in the future, proxy domains should not be silently dropped and clients should not expose Node to untrusted remote content.
See the Electron documentation: Isolation for untrusted content.
"Under no circumstances should you load and execute remote code with Node.js integration enabled."

What can you do as a User?
If you want to be safe, do not use a client with nodeIntegration enabled and contextIsolation disabled. At the time of writing Redline Client is the only client I can personally recommend.