It seems like the ports are closed instead of 80 and 443. I scanned the site’s IP over and over again with Nmap using different keys. No other results, just thouse two ports opened. Maybe the suspicious one get openned in the particular time lapse? Give me the clue, please.