DANGEROUS "Free Discord Nitro" SCAM

Popup (DOWN) - http://discordapp.gifts/billing/promotion/vUFkyPQVwCDYME6uuBMndHYa

A WhoIs lookup reveals the domain was registered via NameCheap on July 15, 2021 - Whois discordapp.gifts

According to user reports, the popup will ask them to scan a QR code, which allows for hackers to steal your login information and spread the scam to further victims.

Yes. Once you scan the QR code, they will receive your Discord token.

Just wanted to add that they have another domain under the name “discordapp.live” with the same URL (“discordapp(dot)live/billing/promotion/vUFkyPQVwCDYME6uuBMndHYa/”)!

DO NOT SCAN THE QR CODE!!!

EDIT: So I found their Discord webhook that they were receiving tokens on and proceeded to spam it with porn using a script I made myself. Within two hours of doing this, the owners of the server receiving the stolen Discord tokens had deleted the webhook. Though the website still has the old webhook URL, so all victims right now are not getting logged. I’m waiting till they update it so I can spam it with porn again. :joy::joy::joy:


:rofl: I Love that!

A new domain is being used now and it’s “discordapp.one”, using the same “/billing/promotion/” URL. The message is a bit different this time. Much more simple than the last message I’ve gotten. Also, I’ve discovered that their hosting is 000webhost. If anyone wants to go ahead and report these domains to Namecheap and 000webhost, then we can at least get something shut down for good. I’ve also reported the two webhooks they’ve used in the past to Discord. Hopefully this does something!

They are using a new domain known as “discord-app.cc”, the message is still a bit different but they are sending it from compromised accounts as opposed to new accounts.

discorcl.gift and others have come about. Obviously, when typing like this it’s noticeable. However, it’s still the old-time typosquat, or replacing a character with 2 others to make 1 letter, like r + n to make the letter M, and whatnot.

There’s a similar (or maybe the same) scam going around, where they hijack accounts and spam everyone that account is friended with full of the same Nitro scam.

The fake site has a way for you to enter your Discord username & password and it will use its own API or something to check if the Discord account is valid. It can even get the new IP detected code by just asking you for it - same for 2FA code and all that because it works directly through Discord.

There was another one just like it where it did the exact same thing with the login page, except they used HTML/CSS/JS to fake a Chrome window containing the exact same scam, plus this scam says it’s some kind of partnership between Steam and Discord to give out free 3-month Nitro, and it scams for Steam AND Discord accounts inside the fake Chrome window.

However, the Steam scam doesn’t seem to be running anymore, but a more basic one is.

For example, this is on discorc[.]gift/dP9gH1zM7exEs:

I tried to enter gibberish into the login form, and it can tell that it is gibberish.


The server-side of the scam seems to communicate with Discord’s API as if the server is a user itself and forwards back to the scam website what Discord’s server responds.

Clever scam, I guess.
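Added example, not part of any post in this thread: a Python check that a moderation bot or link filter could run over link hosts to flag the lookalike patterns reported above (brand name on an unofficial domain, two-letter substitutions such as "cl" for "d", and single-character typos). The allowlist, the fold table and all function names are assumptions, and the registrable-domain extraction is deliberately naive (last two labels only).

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official domains, maintained by the defender.
OFFICIAL = {"discord.com", "discordapp.com", "discord.gg", "discord.gift"}
BRANDS = ("discordapp", "discord")
# Multi-character and digit look-alikes folded to the letter they imitate.
FOLDS = (("rn", "m"), ("cl", "d"), ("vv", "w"), ("0", "o"), ("1", "l"))


def registrable(url_or_host: str) -> str:
    """Last two host labels; accepts URLs, bare hosts and defanged forms."""
    s = url_or_host.strip().lower().replace("[.]", ".").replace("(dot)", ".")
    if "//" not in s:
        s = "//" + s  # let urlsplit treat a bare host as a network location
    host = urlsplit(s).hostname or ""
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url_or_host: str) -> str:
    domain = registrable(url_or_host)
    if domain in OFFICIAL:
        return "official"
    label = domain.split(".")[0].replace("-", "")  # discord-app -> discordapp
    if any(b in label for b in BRANDS):
        return "brand-on-unofficial-domain"
    folded = label
    for pair, single in FOLDS:
        folded = folded.replace(pair, single)
    if any(b in folded for b in BRANDS):
        return "homoglyph"
    if any(edit_distance(folded, b) <= 1 for b in BRANDS):
        return "typo"
    return "unrelated"


if __name__ == "__main__":
    # Hosts taken from the posts above, plus one official domain for contrast.
    for h in ("discordapp.gifts", "discord-app.cc", "discorcl.gift",
              "discorc[.]gift", "discord.com"):
        print(f"{h:20} {classify(h)}")
```

Because only the registrable domain is inspected, a brand name placed in a subdomain of an unrelated domain is not flagged by this check.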