diff --git a/indicators/opensea-389-9bec97c22fa2e411.yml b/indicators/opensea-389-9bec97c22fa2e411.yml
new file mode 100644
index 0000000..e2d9d28
--- /dev/null
+++ b/indicators/opensea-389-9bec97c22fa2e411.yml
@@ -0,0 +1,22 @@
+title: OpenSea Phishing 389-9bec97c22fa2e411
+description: Detects OpenSea wallet drainers - mystery box scam. Often hosted on Vercel (https://vercel.com/).
+
+references:
+    - https://urlscan.io/result/03383a08-4618-4a92-9bff-99bd8b2be9f2/
+    - https://urlscan.io/result/672f40d7-78fb-4b28-8ef5-9f09591e20ea/
+    - https://urlscan.io/result/c6ed3c5a-e79a-491b-b316-deedc0527c49/
+    
+detection:
+
+  fileRequest:
+    requests|endswith: '/389-9bec97c22fa2e411.gif'
+    
+  fileUsage:
+    # This GIF file is used on a lot of OpenSea scams.
+    html|contains: '/389-9bec97c22fa2e411.gif'
+
+  condition: fileRequest and fileUsage
+
+tags:
+    - target.opensea
+    - cryptocurrency