Try opening any random webpage, view the page source, and then search for "223.224.131.144"(without quotes), or "Anchor.js", and if they are consistent with the location of the script they are injecting, you should be able to know whether or not they are tampering with your traffic. There might be better ways for this, but they would require quite a bit more effort.