Perhaps it got hacked and was hosting malware without you being aware? They are pretty good at hiding it from the site owner (showing the original website to you, but not to others).

The server is and has been clean the whole time. I don't even run WordPress or anything similar on that server that would be a common hacking target. If it was hacked, I'm pretty sure Google Safe Browsing would be the first to flag the site, not some random PiHole list.