And the site is called?

Who provides your DNS servers?

To cut out the DNS layer, the ip address is 212.159.68.138

That will default to error_page.html that just contains the text "Not Found".

Refresh that a couple of times and you should see the problem.

I tried a rapid download Linux command:-

wget 212.159.68.138
--2018-10-01 17:20:45--  http://212.159.68.138/
Connecting to 212.159.68.138:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://212.159.68.138/error_page.html [following]
--2018-10-01 17:20:52--  http://212.159.68.138/error_page.html
Reusing existing connection to 212.159.68.138:80.
HTTP request sent, awaiting response... 200 OK
Length: 18 [text/html]
Saving to: ‘index.html’

index.html                  100%[=========================================>]      18  --.-KB/s    in 0s      

2018-10-01 17:20:52 (1.09 MB/s) - ‘index.html’ saved [18/18]

Note that it took 7 seconds to download virtually nothing - just 18 bytes on a 70/20 Mbit/sec connection.

BTW Your DNS address reveals what looks like:- 'username.plus.com'

Mmmm, but why so slow on just inbound connections?

Re username.plus.net. Hilarious isn't it. Plusnet wouldn't change it... Anyway I have other domains that point here (I didn't want to promote them here and it's all password protected anyway).

Have you tried temporarily disabling your Windows Firewall ?

* edit - assuming you're on a Windows machine and it has the firewall enabled of course *

It's Fedora, and yes it does have a firewall(! ). It's got to the point that I'll try anything!

Maybe also run a tail -f /var/log/apache/whateveritscalled.log  to see if you can see in real time what is coming through as a request - maybe the request is hitting quickly but the reply is taking time.

I also find iptraf useful on my Ubuntu servers to see what is hitting my machine and when. Not sure on other flavours of Linux but maybe worth a look.

Update: Thanks for those suggestions. It looks like it might be a type of Slowloris DDOS attack, with IP addresses around the world (hosting companies and VPNs) generating about 50 connections each that didn't do much. The command line I used to get the connection info is at the end of the post, should someone find it useful. I'm going to install a Draytek router that I have lying about to try and filter out the problematic IP addresses (probably a thankless task as there are so many of them) and then disable firewalld and use iptables to drop anything with more than 20 connections. Unless anyone has a better idea...?

netstat -ntu -4 -6 |  awk '/^tcp/{ print $5 }' | sed -r 's/:[0-9]+$//' |  sort | uniq -c | sort -n

I get the same - port scans, probes, email hacking attempts etc etc.

I can't stop people getting past the router but I use fail2ban for any services I'm running - if anybody tries more than 3-4 times to access something they shouldn't, it puts an automatic ban on using iptables.