off trendmicro-update[.]com i'm also giving the hairy eyeball to
update-fortinet[.]com
a year older, but same-ish fingerprint, and up until yesterday showing an A record connected to Stark.
195.16.74[.]58
trendmicro-update had moved to Linode from a Stark IP at 45.12.134[.]94
registrar: HostingConcepts / registrar[.]eu
NS: site-dns[.]com, previously openprovider[.]nl/be/eu
full pDNS and domain records for both domains (zipped CSVs):
https://drive.google.com/file/d/1cpfeBR5qCoOvDvXEp4fgR7pZlpXfIVW7/view?usp=sharing
