Interesting … the 8. address appears to be a valid DNS offered by Google. But the other seems odd … listed as “1.canadaclient” but located in Michigan… wierd… http://www.my-address-ip.com/whois-address-ip-159.203.32.8.html
It is very odd that someone is getting into your router/modem across password changes. What brand / model is the device? Wondering if there is a history of the device type being hacked directly?