HTTP/1.1 404 Not Found
Date: Thu, 18 Dec 2014 17:57:50 GMT
Server: Apache
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>404 Not Found</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<div id="body-content">
<!-- start content-->
<!--
instead of REQUEST_URI, we could show absolute URL via:
http://HTTP_HOST/REQUEST_URI
but what if its https:// or other protocol?
SERVER_PORT_SECURE doesn't seem to be used
SERVER_PORT logic would break if they use alternate ports
-->
<h1>404 Not Found</h1>
<p>The server can not find the requested page:</p>
<blockquote>
(none)/xmlrpc.php (port 80)
</blockquote>
<p>
Please forward this error screen to 184.164.144.133's
<a href="mailto:asm@supercloudapps.com?subject=Error message [404] 404 Not Found for (none)/xmlrpc.php port 80 on Thursday, 18-Dec-2014 23:27:50 IST">
WebMaster</a>.
</p>
<hr />
<!-- end content -->
</div>
</body>
</html>
The code that Quttera flags reads packed and not packer (the second packer variety is a known malware code)
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a etc. etc.
The results here are weak, F-rated SSL scan results, but not per se malicious as such; thousands of sites could be flagged if we used such criteria for insecurity.
Outside the spam issues if still alive and the plug-in patch insecurity if left open, no big issues here.
Quttera still flags three suspicious files: htxp://quttera.com/detailed_report/buylikesfollowers.org
/wp-content/plugins/layerslider/static/js/layerslider.kreaturamedia.jquery.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘17 bM(e,t,n){16 r;6(1W e==“64”){r=3I(“#”+e)}19 6(1W e==“bD”){r=e}16 i,s;2y(t){1l"8A":i=“fw 3I aE”;s=’]] of length 50105 which may point to obfuscation or shellcode.
&
/wp-content/plugins/layerslider/static/js/greensock.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘(17(e){“4V 4U”;19 t=e.5Z||e;1a(!t.5f){19 n,r,i,s,o,u=17(e){19 n,r=e.1t(“.”),i=t;1b(n=0;r.1c>n;n++)i[’]] of length 45707 which may point to obfuscation or shellcode.
&
wp-content/plugins/layerslider/static/js/layerslider.transitions.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘20 1Z={27:[{j:“13 N E”,d:1,g:1,f:{e:0,i:“o”},c:{n:“W”,b:“1e”,a:G,h:“r”}},{j:“13 N r”,d:1,g:1,f:{e:0,’]] of length 19856 which may point to obfuscation or shellcode.
For the redirect _re%3D%2F%5E(%3F%3A(%3F%3A%5B%5E%3A%5C%2F%3F%23%5D%2B)%3A)%3F(%3F%3A%5C%2F%5C%2F(%3F%3A%5B%5E%5C%2F%3F%23%5D*))%3F(%5B%5E%3F%23%5D*)(%3F%3A%5C%3F(%5B%5E%23%5D*))%3F(%3F%3A%23&oq=redirect%3Alogin"%3Bvar+uri_re%3D%2F%5E(%3F%3A(%3F%3A%5B%5E%3A%5C%2F%3F%23%5D%2B)%3A)%3F(%3F%3A%5C%2F%5C%2F(%3F%3A%5B%5E%5C%2F%3F%23%5D*))%3F(%5B%5E%3F%23%5D*)(%3F%3A%5C%3F(%5B%5E%23%5D*))%3F(%3F%3A%23&aqs=chrome…69i57j69i58&sourceid=chrome&es_sm=93&ie=UTF-8 consider this http://www.rapidtables.com/web/dev/url-redirect.htm#301-redirect
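Added example, not part of the original post and not Quttera's detection logic: a small triage helper that looks for the packer wrapper quoted above (either parameter spelling) and measures the Shannon entropy of long string literals, the property the scanner reports. The 3.0-bit threshold, the 40-character minimum and both sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not Quttera's algorithm. Thresholds and samples are constructed.
const PACKER_HEADER = /eval\(function\(p,a,c,k,e,(r|d)\)/;

// Shannon entropy in bits per character of the given text.
function shannonEntropy(text) {
  const chars = Array.from(text);
  if (chars.length === 0) return 0;
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Bodies of quoted string literals that are at least minLength characters long.
function longStringLiterals(source, minLength) {
  const re = /'((?:[^'\\\n]|\\.)*)'|"((?:[^"\\\n]|\\.)*)"/g;
  const bodies = [];
  for (const m of source.matchAll(re)) {
    const body = m[1] !== undefined ? m[1] : m[2];
    if (body.length >= minLength) bodies.push(body);
  }
  return bodies;
}

// Report the wrapper spelling (if any) and which long literals fall under the threshold.
function triage(source, minLength = 40, lowEntropyBits = 3.0) {
  const header = PACKER_HEADER.exec(source);
  const literals = longStringLiterals(source, minLength).map((body) => ({
    length: body.length,
    entropy: shannonEntropy(body),
  }));
  return {
    packerVariant: header ? "p,a,c,k,e," + header[1] : null,
    literals,
    lowEntropy: literals.filter((l) => l.entropy < lowEntropyBits),
  };
}

// Constructed sample: packer-shaped wrapper around a 47-character, 4-symbol payload.
const PACKED_SAMPLE = "eval(function(p,a,c,k,e,r){return p}('" +
  "0 1 2 ".repeat(8).trim() + "',3,3,'var|x|y'.split('|'),0,{}))";
// Constructed sample: ordinary code with one natural-language literal.
const PLAIN_SAMPLE =
  'var msg = "The quick brown fox jumps over the lazy dog, twice over.";';

console.log(triage(PACKED_SAMPLE), triage(PLAIN_SAMPLE));
```

A hit only says the file is packed or has a small-alphabet payload; the unpacked code still has to be reviewed before calling it clean or malicious.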