diff --git a/indicators/pagopa-019638cd.yml b/indicators/pagopa-019638cd.yml
new file mode 100644
index 00000000..f69036ae
--- /dev/null
+++ b/indicators/pagopa-019638cd.yml
@@ -0,0 +1,30 @@
+title: PagoPA Phishing Kit 019638cd
+description: |
+  Detects sites that mimic the payment process of the PagoPA platform established by the Italian Government for payments to public administrations.
+  The kit uses the Cleave JS library to validate credit card numbers and dates.
+first_seen: 2025-04-14
+references:
+    - https://cert-agid.gov.it/wp-content/uploads/2025/04/pagoPA.json
+    - https://urlscan.io/result/019638cd-0a40-76fc-8fe0-4bcd550f9c0f
+    - https://urlscan.io/result/01963b32-dccf-75d1-bfc9-00807a035688
+
+detection:
+
+  requestsContent:
+    requests|contains: 'cleave.min.js'
+    
+  jsContent:
+    js|contains: 'function isInputNumber(evt)'
+    
+  domContents:
+    dom|contains|all:
+      - 'pagamento'
+      - 'pagopa'
+      - 'action="logz/log.php"'
+
+  condition: requestsContent and jsContent and domContents
+
+tags:
+  - kit
+  - target_country.italy
+  - target.pagopa