OpenSea Phishing 389-9bec97c22fa2e411

Detects OpenSea wallet drainers - mystery box scam. Often hosted on Vercel (https://vercel.com/).

References

IOK Rule (edit) 

title: OpenSea Phishing 389-9bec97c22fa2e411
description: Detects OpenSea wallet drainers - mystery box scam. Often hosted on Vercel (https://vercel.com/).

references:
    - https://urlscan.io/result/03383a08-4618-4a92-9bff-99bd8b2be9f2/
    - https://urlscan.io/result/672f40d7-78fb-4b28-8ef5-9f09591e20ea/
    - https://urlscan.io/result/c6ed3c5a-e79a-491b-b316-deedc0527c49/
    
detection:

  fileRequest:
    requests|endswith: '/389-9bec97c22fa2e411.gif'
    
  fileUsage:
    # This GIF file is used on a lot of OpenSea scams.
    html|contains: '/389-9bec97c22fa2e411.gif'

  condition: fileRequest and fileUsage

tags:
    - target.opensea
    - cryptocurrency