If one suspects a website has been compromised, don’t use a standard web browser to access the site as there could be zero-day malware on the site. Use Terminal programs that don’t have JavaScript enabled like curl or lynx if necessary to browse the site, preferably from a VM or other isolated computing resource.

DNSViz helps visualize the DNS chain. Keep in mind DNS and nameserver updates can take minutes to hours to propagate.

macOS:

dscacheutil -q host -a name host.invalid

Linux / macOS / WSL:

dig +trace host.invalid

If the DNS entries seem valid, consider that the web hosting server (that sends the HTML files to browser) may be compromised.