Could have been the vulnerabilities on the website hoster mentioned here:
https://www.shodan.io/host/138.128.178.132
PHP related:
Vulnerabilities
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
CVE-2019-9641 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
Checked: Checking: -
https://order.vitordigitizing.net/assets_ver/bootstrap/js/ekko-lightbox.min.js
File size: 14.34 KB
File MD5: ca3d0bfd729dca4e5eb86593de687e57
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/ekko-lightbox.min.js - Ok
Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/popper.min.js
File size: 20.51 KB
File MD5: 36affe2ca6cb85233ee7362c5d8b7893
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/popper.min.js - Ok
Checking: -https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/jquery.validate.min.js
File size: 20.32 KB
File MD5: d7c953a9036ef06a14e5f225d1cd0ae6
-https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/jquery.validate.min.js - Ok
Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js
File size: 86.08 KB
File MD5: f832e36068ab203a3f89b1795480d0d7
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js - archive JS-HTML
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js/JSTag_1[b765][a0eb] - Ok
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js/JSTag_2[c0f2][975e] - Ok
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/jquery.min.js - Ok
Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/bootstrap.min.js
File size: 56.71 KB
File MD5: e1d98d47689e00f8ecbc5d9f61bdb42e
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/bootstrap.min.js - Ok
Checking: -https://www.googletagmanager.com/gtag/js?id=UA-5662088-74
File size: 98.84 KB
File MD5: 1e21688b79711476b3a73e03a2a0db3a
-https://www.googletagmanager.com/gtag/js?id=UA-5662088-74 - Ok
Checking: -https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/additional-methods.min.js
File size: 14.62 KB
File MD5: d464758371944566c6e856628e0dd2d4
-https://order.vitordigitizing.net/cpadmin/assets/global/plugins/jquery-validation/js/additional-methods.min.js - Ok
Checking: -https://order.vitordigitizing.net/assets_ver/bootstrap/js/wow.min.js
File size: 6139 bytes
File MD5: 3ca2644d1da30f25f9391d2436e4f26b
-https://order.vitordigitizing.net/assets_ver/bootstrap/js/wow.min.js - Ok
Checking: -https://order.vitordigitizing.net/login.html
Engine version: 7.0.49.9080
Total virus-finding records: 9773466
File size: 9649 bytes
File MD5: 1ba7b789f2d912e264f22683691a3f9a
-https://order.vitordigitizing.net/login.html - archive JS-HTML
-https://order.vitordigitizing.net/login.html/JSTAG_1[9c1][9a] - Ok
-https://order.vitordigitizing.net/login.html/JSTAG_2[1497][322] - Ok
-https://order.vitordigitizing.net/login.html/JSTAG_3[1b06][56c] - Ok
h-ttps://order.vitordigitizing.net/login.html/JSTAG_4[20ba][eb] - Ok
-https://order.vitordigitizing.net/login.html/JSTAG_5[21e7][101] - Ok
-https://order.vitordigitizing.net/login.html/JSTAG_6[232b][12] - Ok
-https://order.vitordigitizing.net/login.html/JSTAG_7[2382][226] - Ok
-https://order.vitordigitizing.net/login.html - Ok
Maybe it is the outgoing link to -https://www.deepit.com/
Going to: Checking: -https://544e26b6.sibforms.com/serve/MUIEAPeDgQ1kv9KBQME0Cg-UfXGnsqBDjx5eNgyAlJVYSmL0wsxXZcyQtN6h98XUqpu8SCCTQTpCH81YsqmnWPV7Qv8lXAbmT-jXTfwLTuYLUw71qcGA_O1Nm7vhly0gkgxsXH5ZPwSZHHNOlooPbuswUce2liMXTBDg3C4tw-amQphSiWC-wDCA_C590RobJXbJB99GEHUUtyeh
(web- and e-mail marketing - form from sendinblue dot com via CloudFlare - email-decode.min.js)*
File size: 9851 bytes
File MD5: 5217243de43188786fa91fb9b6208c31
But wait for an avast team member to give a final verdict, as they are the only ones to come and unblock,
or you could take it up with the site hoster HostDime.com, Inc. at Orlando (deepitserver dot com) and also CloudFlare’s *.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)