Re: https://urlquery.net/report/cdbe2fd0-b6c1-4fb7-8c16-cebce12e7c36
and https://www.abuseipdb.com/whois/47.88.103.239 (IP address).
Re: https://otx.alienvault.com/indicator/domain/finanso.top
Re: http://urlquery.net/report/2354c304-a72e-480e-80c5-003f1402be65
Re: https://urlquery.net/report/1cf696d0-60d1-46cf-9a38-536f37298ed4
Re: https://any.run/report/3962cec5ca5ee3dcf564143e332196f0f6c91cf6beb5547efc3cb18dbb039d99/b649e647-9c03-4194-a212-2d2f15a4e2f2
Re: https://www.hybrid-analysis.com/sample/2714d9c00094d3d40289e0531e669f57afd08ba6a1e2a919101fe1f7339fe21f?environmentId=120
and https://www.maltiverse.com/sample/d2e4082bba9c6f5429b601aacc215f252612b4832b1291b703fa82a9b0c57f3c
in particular: https://urlscan.io/result/12d2ebfd-7b25-4647-8125-d4686df5241a/#behaviour (no IDS alert for suspicious .xyz domain)
It seems -finanso.top is no longer running; even reports on it are being blocked by Avast extensions.
Spam detections: https://www.virustotal.com/gui/url/3962cec5ca5ee3dcf564143e332196f0f6c91cf6beb5547efc3cb18dbb039d99/detection (recent?).
Here a final verdict has not yet been given:
Re: https://urlscan.io/result/53b40e7e-7edc-47ba-b945-3a51f5ba09fc
Consider: https://urlscan.io/search/#page.domain%3Afinansos.top
Generic malware flagged: https://www.maltiverse.com/hostname/vip.ninanetu.xyz
polonus