Registered at the beginning of the year and now already domain dropped?

Viruses and worms
1

See: -ganluchina.com registered on 3-01-2017
Given as expired and/or deleted here: http://www.justdropped.com/drops/020913com.html
Re: Domain Name: GANLUCHINA.COMhttp://toolbar.netcraft.com/site_report?url=ganluchina.com
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Sponsoring Registrar IANA ID: 420
Whois Server: -grs-whois.hichina.com
Referral URL: -http://www.net.cn
Name Server: F1G1NS1.DNSPOD.NET * → known for phishing
Name Server: F1G1NS2.DNSPOD.NET
Status: ok https://icann.org/epp#ok
Updated Date: 01-mar-2017
Creation Date: 01-mar-2017
Expiration Date: 01-mar-2027

Cannot be resolved: https://mxtoolbox.com/domain/ganluchina.com/

Weirder results when we look at that IP address, there runs a service like tcpwrapped, but the host there blocks us and
gives access only to those alled through an access list. Hostname is no-data → http://toolbar.netcraft.com/site_report?url=http%3A%2F%2F125.39.208.193
ASN AS4837
Organization CNCGROUP China169 Backbone
Country China (CN)
Region Tianjin
City Tianjin
Netblock owner: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.net.cn

Going to -http://wanwang.aliyun.com/ also coming up with an empty response

All above probably Alibaba advertising Cloud Cloud Computing SSL/HTTPS abuse.
Tengine/Aserver tag-server seen there…Did not follow redirect to -http://www.taobao.com/ and did not follow redirect to
-https://store.taobao.com/shop/noshop.htm tls-nextprotoneg:
| h2
| spdy/3.1
|_ http/1.1
High severity issues with scripts: http://retire.insecurity.today/#!/scan/1c7aec28b9bff7183395fa34c44d84eb43ac55465e4f3067162e1fccfb5cd0bc
http://www.domxssscanner.com/scan?url=https%3A%2F%2Fstore.taobao.com
opening up: Results from scanning URL: -http://seasonvar.ru/less/js/pg-second.js?v=8
Number of sources found: 0
Number of sinks found: 69 → -www.taobao.com/home/css/error.css → -> -/learn.taobao.com/user/xueyuanRedirect.htm?target=http://www.alibado.com" target=“_top” rel=“nofollow”>卖家培训中心

See the iFrame here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=seasonvar.ru%2Fless%2Fjs%2Fpg-second.js%3Fv%3D8&ref_sel=GSP2&ua_sel=ff&fs=1

Another time it is opening up to: Results from scanning URL: -http://www.reklamamobilna.com.pl/pytania/
Number of sources found: 0
Number of sinks found: 69

So it is fishy here, and I wonder what should be blocked there?

polonus (volunteer website security analyst and website error-hunter)