IDS alert ET INFO HTTP Request to a *.top domain; no flags at VT (ransomeware)..

See: https://urlquery.net/report/bf517b3e-2181-485f-b2b6-34e4aab33d2b
Nothing here: https://www.virustotal.com/gui/url/7ffa7d5039e1a345472ee8b96a1b8ecc5ba922309fd247716fe3dd4f76867a01/detection
Blacklisted here: https://sitecheck.sucuri.net/results/finanso.top
Ransomeware launcher: https://otx.alienvault.com/indicator/domain/finanso.top
Fortinet detects (also the IDS alert comes from there): https://www.urlvoid.com/scan/finanso.top/
File content has been deleted here: https://www.joesandbox.com/analysis/140565/0/lighthtml
Also consider: https://any.run/report/f6957bc74594122bed896e311db55c03798678dce69cb3c4c2742f5dc965bdf8/6b1060a2-6366-45b4-8060-57284f1e4ec9

DOM-XSS issues on site: Results from scanning URL: -http://cofdestticgast1980.blogspot.si/
Number of sources found: 5
Number of sinks found: 25
&
Results from scanning URL: -https://www.blogger.com/static/v1/widgets/2494616528-widgets.js
Number of sources found: 129
Number of sinks found: 13
&
Results from scanning URL: -https://www.blogger.com/static/v1/widgets/2494616528-widgets.js
Number of sources found: 98
Number of sinks found: 41
&
Results from scanning URL: -https://resources.blogblog.com/blogblog/data/res/2188189495-indie_compiled.js
Number of sources found: 129
Number of sinks found: 13
No vulnerable retirable libraries detected

Involved relations on IP flagged: https://www.virustotal.com/gui/ip-address/209.85.200.132/details

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)