← Use Cases

How do I protect my Discord server from dangerous links?

The problem

Discord servers are a prime target for phishing. Fake Nitro giveaways, impersonated login pages, and malicious links disguised as game downloads appear constantly. Community moderators can't review every link in real time, and members click before thinking.

Discord's built-in link scanning is limited. It catches known threats in databases, but not a brand-new phishing domain registered hours ago that mimics a well-known brand.

How Unphurl solves it

Build a Discord bot that sends every posted URL to Unphurl's API. The bot uses Discord's message events to intercept links, checks them in milliseconds, and posts a warning or deletes the message if the score exceeds your threshold. The architecture mirrors a Slack security bot but uses Discord's bot/webhook API.

Signals that matter for this use case

  • Brand impersonation catches fake Discord, Steam, Epic Games, and Nitro phishing pages
  • Domain age <7 days flags freshly registered attack infrastructure
  • Excessive redirects reveal obfuscation chains hiding the real destination
  • URL contains IP catches direct-IP phishing that bypasses domain filtering
  • Encoded hostname detects percent-encoded characters used to obfuscate URLs

Suggested scoring profile

{
  "name": "discord-bot",
  "weights": {
    "brand_impersonation": 40,
    "domain_age_3": 40,
    "domain_age_7": 30,
    "redirects_5": 25,
    "url_contains_ip": 15,
    "encoded_hostname": 10,
    "subdomain_excessive": 10,
    "domain_entropy_high": 10,
    "ssl_invalid": 15,
    "phishing_floor": 80
  }
}

What a result looks like

A member posts a "free Nitro" link: https://disc0rd-nitro-gift.xyz/claim. Your bot checks it:

Score: 80/100
Brand impersonation: discord.com (+40)
Domain age: 1 day (+40)
SSL: valid
Redirects: 2 hops

The bot posts the signals to the channel: "Score: 85/100. Impersonating discord.com. Domain registered yesterday. No MX record." The channel admin decides what to do next.

Cost

Most links shared in Discord (YouTube, Twitch, Twitter, Reddit) are known domains that resolve free. A busy server with 2,000 links per month might see 20-100 pipeline checks. The Starter package ($9 for 100 pipeline checks) covers most communities.

Get started

# Check a URL from the CLI
npx unphurl https://disc0rd-nitro-gift.xyz/claim --profile discord-bot

# Or via the API from your Discord bot
curl -H "Authorization: Bearer uph_your_key" \
  "https://api.unphurl.com/v1/check?url=https://disc0rd-nitro-gift.xyz/claim&profile=discord-bot"
Read the docs All use cases