Title: Quttera Error message
Last modified: August 10, 2019

---

# Quttera Error message

 *  Resolved [Rob Art](https://wordpress.org/support/users/robword/)
 * (@robword)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/)
 * Hi
    Can you can firm this is a error message that can be whitelisted from your
   code for a possible threat?
 *     ```
       Severity:	enSuspiciousThreatType
       File:	wp-content/plugins/wordfence/lib/menu_tools_diagnostic.php
       File signature:	37b1fc3cd5838015a0ca9f390a014b07
       Threat signature:	a3a97306a17681f7d765db612a6cb2b2
       Threat name:	Heur.PHP.Dropper.gen
       Threat:	<?php phpinfo();
       Details:	Generic PHP information dropper
       ```
   

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Thread Starter [Rob Art](https://wordpress.org/support/users/robword/)
 * (@robword)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11820225)
 *     ```
       Severity:	enSuspiciousThreatType
       File:	wp-content/plugins/wordfence/lib/wfUtils.php
       File signature:	f0bf92c9e9b89296bdb84df32c2f8cc1
       Threat signature:	156bcff48f5f3b00e26cabad8e4d8b51
       Threat name:	Heur.PHP.Encoded.gen
       Threat:	\x00\x00\x00\x00\x00
       Details:	Generic suspicious HEX encoder
       ```
   
 *  Thread Starter [Rob Art](https://wordpress.org/support/users/robword/)
 * (@robword)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11820227)
 *     ```
       Severity:	enPotentiallySuspiciousThreatType
       File:	wp-content/plugins/wordfence/lib/wfUtils.php
       File signature:	f0bf92c9e9b89296bdb84df32c2f8cc1
       Threat signature:	156bcff48f5f3b00e26cabad8e4d8b51
       Threat name:	Heur.PHP.Encoded.gen.271C
       Threat:	\x00\x00\x00\x00\x00
       Details:	Potentially suspicious obfuscated PHP threat
       ```
   
 *  Thread Starter [Rob Art](https://wordpress.org/support/users/robword/)
 * (@robword)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11820228)
 *     ```
       Severity:	enSuspiciousThreatType
       File:	wp-content/plugins/wordfence/js/admin.1564590761.js
       File signature:	3bbca5bc0645c5ff8e9b9803765d311c
       Threat signature:	156bcff48f5f3b00e26cabad8e4d8b51
       Threat name:	Heur.PHP.Encoded.gen
       Threat:	\x00\x00\x00\x00\x00
       Details:	Generic suspicious HEX encoder
       ```
   
 *  Thread Starter [Rob Art](https://wordpress.org/support/users/robword/)
 * (@robword)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11820229)
 *     ```
       Severity:	enPotentiallySuspiciousThreatType
       File:	wp-content/plugins/wordfence/js/admin.1564590761.js
       File signature:	3bbca5bc0645c5ff8e9b9803765d311c
       Threat signature:	156bcff48f5f3b00e26cabad8e4d8b51
       Threat name:	Heur.PHP.Encoded.gen.271C
       Threat:	\x00\x00\x00\x00\x00
       Details:	Potentially suspicious obfuscated PHP threat
       ```
   
 *  [WFSupport](https://wordpress.org/support/users/wfsupport/)
 * (@wfsupport)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11835175)
 * These aren’t threats. They are very loose signatures from Quttera that are flagging
   things as a result. For example this message:
 *     ```
       Severity:	enSuspiciousThreatType
       File:	wp-content/plugins/wordfence/js/admin.1564590761.js
       File signature:	3bbca5bc0645c5ff8e9b9803765d311c
       Threat signature:	156bcff48f5f3b00e26cabad8e4d8b51
       Threat name:	Heur.PHP.Encoded.gen
       Threat:	\x00\x00\x00\x00\x00
       Details:	Generic suspicious HEX encoder
       ```
   
 * Here’s the actual code that is warning about.
 *     ```
                           //Both to 16-byte binary strings
                           var binStart = ("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff" + ip1).slice(-16);
                           var binEnd = ("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff" + ip2).slice(-16);
       ```
   
 * Each of your examples (including this one) flagged for \x00 are dealing with 
   IP addresses. Since we support both IPv4 and IPv6, IPv4 needs to be represented
   as “IPv4-mapped IPv6”, which has a prefix of a bunch of 00 bytes, two ff bytes,
   and then the four bytes of the IPv4 address. The example above with binStart 
   and binEnd deals with the IPs for advanced blocking ranges.
 * Quttera also warns about the diagnostics page to retrieve a PHP info page:
 *     ```
       Severity:	enSuspiciousThreatType
       File:	wp-content/plugins/wordfence/lib/menu_tools_diagnostic.php
       File signature:	37b1fc3cd5838015a0ca9f390a014b07
       Threat signature:	a3a97306a17681f7d765db612a6cb2b2
       Threat name:	Heur.PHP.Dropper.gen
       Threat:	<?php phpinfo();
       Details:	Generic PHP information dropper
       ```
   
 * That’s not something I would generally find suspicious by itself.
 * At any rate, we looked at all of these just to make absolutely sure and none 
   of them are malicious. They are the result of some fairly loosely written scan
   signatures on Quttera’s side.
 * Tim

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Quttera Error message’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [WFSupport](https://wordpress.org/support/users/wfsupport/)
 * Last activity: [6 years, 10 months ago](https://wordpress.org/support/topic/quttera-error-message/#post-11835175)
 * Status: resolved