I used another pc with a new ip address to access the website, and I logged every communication with wireshark network analyzer.

I went through every single packet and I didn’t notice anything suspicious.

Do you have more details about infected files? Maybe there are some injected javascript functions I don’t see.