https://www.bleepingcomputer.com/news/security/hackers-hiding-web-shell-logins-in-fake-http-error-pages/

Malware distributors, hackers, and phishing scammers are continuing to use the practice of hiding login forms for their web shells in fake HTTP error documents. These pages pretend to be HTTP errors such as 404 Not Found or Forbidden, while in reality they are login pages that allow an attacker to access a web shell to issue commands on the server.

While this practice is not new, phishing expert & security researcher nullcookies has noticed an increase in the use of these types of fake error pages to hide web shells. These web shells allow the hackers to upload malware, phishing scripts, or other software.