I've been trying to figure out something on our office network for a week now. It began when I noticed that woot.com was very slow to load and saw that it was hanging up waiting for www.google-analytics.com.
I ran AdwCleaner and Malwarebytes but neither found anything.
Further digging revealed that the DNS address for www.google-analytics.com was being redirected to 18.104.22.168, which ends up in Israel going to bezeqint.net. The TRACERT ends up failing going to it, as does ping, which returns nothing.
The DNS settings on the computers were unchanged as were the hosts files. The computers are on a domain, and they have the server listed as the first DNS provider and our router listed as the second. I was unable to find anything suspicious on the server, so I checked the router.
The router is a Linksys WRT1900AC. If I unplug the router and plug it back in, the problem goes away for about 24 hours then returns, which led me to suspect the router. I updated the firmware, but to no effect.
I changed the DNS settings on the router to OpenDNS and removed the DNS entry to the router, but that didn't fix it.
If I do a ping from the router diagnostics, it works correctly at all times.
I still haven't ruled out an issue with our server, though, as I have one workstation that doesn't really get used, so I removed it from the domain and changed the DNS settings to OpenDNS, and that workstation seems unaffected while the rest are.
I'm not sure what else to look at from here.
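
An added example, not part of the original post: one way to narrow down which resolver hands out the unexpected address is to send the same A query straight to each resolver (domain server, router, an outside resolver) and compare the answers, which bypasses the client's cache and resolver order. Resolver addresses are passed on the command line, and `SAMPLE_RESPONSE` is constructed data, not captured traffic.

```python
import socket, struct, sys

def build_query(name, txid=0x1234):
    """Encode a recursive A/IN query for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past an encoded name (labels or a pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is two bytes, root label one

def parse_a_records(msg):
    """Return the sorted IPv4 addresses from a response's answer section."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen                            # also steps over CNAME records
    return sorted(addrs)

def resolve_via(server, name, timeout=3.0):
    """Ask one resolver directly over UDP/53, bypassing the OS resolver and cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0])

def disagreeing(answers, trusted):
    """Resolvers whose answers share no address with the trusted resolver's."""
    ref = set(answers[trusted])
    return sorted(r for r, a in answers.items() if r != trusted and not ref & set(a))

# Constructed sample response (not captured traffic): www.example.test -> 192.0.2.10
_q = build_query("www.example.test")
SAMPLE_RESPONSE = (_q[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + _q[12:] + b"\xc0\x0c"
                   + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__" and len(sys.argv) > 2:   # NAME TRUSTED_RESOLVER [OTHER...]
    answers = {srv: resolve_via(srv, sys.argv[1]) for srv in sys.argv[2:]}
    print(answers, "differ from trusted:", disagreeing(answers, sys.argv[2]))
```

Names served from large CDNs can legitimately resolve to different addresses on different resolvers, so a flagged resolver is a lead for checking who owns the returned address, not proof of tampering.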