Discord Phishing Link Analysis

Analysis of a phishing link being shared in discord currently

Published on January 17, 2022 by 0xRar

DFIR Phishing Analysis

1 min READ

Analysis of (http[:]//disccrdapp [.]com/newyears) Phishing Link


  • Target: discord.com
  • Phish Domain: disccrdapp[.]com
  • IP:
  • DNS Record: AS262254 - DDOS-GUARD CORP
  • Domain Registrar: REG.RU LLC
  • Location: Belize City, Belize
  • Device: Android Phone


This phishing attack scenario happens when the victim clicks on the link accidentally or otherwise it spreads it self by sending the link to the discord friends & joined servers, the link did not ask the victim to enter credintionls in order to send the link or steal any tokens or credentials, this phishing attack is meant to give the users(victims) a free month of discord nitro which costs 9.99$ USD Dollars monthly as if it was brought to you by steam,

This way they can spread the link by discord and or stealing your discord credentials and your steam account credentials and potentially making profit from your steam inventory , also from the urlscan.io the link uses nextcord which is a discord api used to make discord bots so maybe it uses it to make an http request to the server and send the harvested creds via discord, but thats just a possibility.

How do they fool victims:

  • Using a domain name really close to the real domain or related.
  • Cloning the real discord nitro page.
  • Making them think they don’t have to pay and promising them something they want(nitro).
  • Using the exact same embed photo for links as the real discord.

Scans & Screenshots:



Virus Total:

If you want to learn how to to protect yourself you can read this post on the malwarebytes blog: https://blog.malwarebytes.com/scams/2021/10/discord-scammers-lure-victims-with-promise-of-free-nitro-subscriptions/