Spoofed 404s

Should you trust the HTTP response code when analyzing access logs for suspicious traffic?
DarkClownSecurity Web Shell

How a PHP web shell uses basic functions like tempname, require, and urldecode to remain lowkey.