62.201.237.42 does not have a PTR record associated. It is in Iraq, and owned by iqnet.com:
% Information related to '62.201.237.0/24AS44217'
route: 62.201.237.0/24
descr: IQ-NETWORKS-SULY-SUBNET
origin: AS44217
mnt-by: IQNET-LIR-MNT
created: 2014-01-08T10:04:14Z
last-modified: 2014-01-08T10:04:14Z
My first IndoXploit got downloaded via a honey pot email spamming tool.
This one got downloaded via a honey pot fake WSO web shell.
The attacker used the "FilesMAn" action, "uploadFile" sub-action,
which is a typical use of WSO.
The code would have ended up in a file indodb.php.
Nobody has tried to invoke indodb.php so far.
Both reference stale URL http://pastebin.com/EpP671gK
Original references http://pastebin.com/Lj46KxFT, which claims to be "CGI-Telnet Version 1.3"
Reference to stale URL http://pastebin.com/raw.php?i=XTUFfJLg
Many pastebin uploads associated with that stale URL.