diff --git a/indicators/roblox-8l0pamh6.yml b/indicators/roblox-8l0pamh6.yml
new file mode 100644
index 00000000..36f676ec
--- /dev/null
+++ b/indicators/roblox-8l0pamh6.yml
@@ -0,0 +1,33 @@
+title: Roblox Phishing Kit 8l0pamh6
+description: |
+    Detects Roblox phishing sites using a Roblox specific strings
+    within the DOM.
+    
+    Usually at /controlPage/create you can create a "Beaming link"
+    These are often spread through Discord to victims.
+references:
+  - https://www.youtube.com/watch?v=lUL2vgyhsw4
+  - https://urlscan.io/result/c716b820-174e-4211-9c09-4663b4a7e47d/
+  - https://urlscan.io/result/e76d7a2f-3e6d-455e-8da8-1a94ea6c222f/
+  - https://urlscan.io/result/f9ccb8a3-624b-4cb1-b237-36dd81cef6e3/
+  - https://urlscan.io/result/1a62439f-de11-4ee6-a0ed-9c482c0c1906/
+
+detection:
+
+    realDomains:
+        hostname|endswith:
+            - .roblox.com
+            - .rbxcdn.com
+
+    rbxBodyId:
+        dom|contains: body id="rbx-body"
+
+    rbxCDN:
+        dom|contains: rbxcdn
+
+
+    condition: rbxCDN and rbxBodyId and not realDomains
+
+tags:
+    - kit
+    - target.roblox