HACKER Q&A
📣 zoomthrowaway

Why does an empty Safari window connect to zoom.us even after the Zoom app was deleted?


Background. Pi-hole reported that my Mac laptop requests the zoom.us address every few minutes, even when the Zoom app is not running and no Zoom website is open. Some investigation narrowed down the issue:

1. When Safari is closed, the connection to zoom.us is closed.
2. Once an empty Safari window (no other windows, no tabs) has been launched, it establishes a TCP/443 encrypted connection to zoom.us and keeps it alive.
3. The Zoom desktop app is not running and is also prohibited from running in the background in the MacBook settings. There are no Zoom plug-ins anywhere; only the desktop app is installed. Even after I deleted the app and rebooted, Safari still connects to zoom.us.
4. Wireshark shows active communication with zoom.us, but because it's TLSv1.3 encrypted, not much can be figured out about what exactly is being sent. See the screenshot for details ([https://imgur.com/a/RF0Ygfx](https://imgur.com/a/RF0Ygfx)).
5. Fiddler only shows the TLS handshake; not much info there.

What I tried:

1. Disabled preload top hits in Safari
2. Deleted Zoom cookies
3. Closed all tabs on iCloud devices that could have caused the connection
4. Deleted the Zoom app and cleaned all related files (daemons, agents, settings, etc.)

Details:

1. TCP 443 port, SSLv1.3
2. The process establishing the connection is com.apple.WebKit.Networking (/System/Volumes/Preboot/Cryptexes/Incoming/OS/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking)
3. zoom.us resolves as 170.114.52.2
4. Latest macOS

Question: Any idea what I can do to investigate further?


  👤 mtmail Accepted Answer ✓
Sounds like a process, maybe detached, is still running. I think lsof or netstat shows which process is connected https://apple.stackexchange.com/questions/64102/how-to-deter...
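
The lsof approach suggested in the answer, as an added example that is not part of the original thread: it parses lsof's machine-readable `-F pcn` field output and reports which process owns each connection to a given remote endpoint. The function name `owners_of_remote`, the PIDs and the local and second remote addresses in the sample are constructed; only the zoom.us IP and the WebKit process name come from the post.

```shell
#!/bin/sh
# Added example: map TCP connections to one remote endpoint back to the owning
# process, using lsof's field output (-F) instead of its column layout.

# Reads `lsof -F pcn` output on stdin; prints "PID COMMAND CONNECTION" for each
# socket whose remote side is exactly $1 (ip:port).
owners_of_remote() {
    awk -v remote="$1" '
        /^p/ { pid = substr($0, 2); next }   # p<pid> starts a new process set
        /^c/ { cmd = substr($0, 2); next }   # c<command name>
        /^n/ {
            name = substr($0, 2)             # n<local>-><remote>
            sub(/ \(.*\)$/, "", name)        # drop a trailing "(STATE)" if present
            i = index(name, "->")
            if (i && substr(name, i + 2) == remote)
                print pid, cmd, name
        }
    '
}

# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED -F pcn` output.
SAMPLE_LSOF='p612
ccom.apple.WebKit.Networking
f14
n192.168.1.10:52344->170.114.52.2:443
f19
n192.168.1.10:52350->203.0.113.10:443
p801
cmDNSResponder
f8
n192.168.1.10:49152->192.168.1.1:53'

printf '%s\n' "$SAMPLE_LSOF" | owners_of_remote 170.114.52.2:443

# Live use on the Mac (sudo so lsof can see other users' and system processes;
# +c 0 asks lsof not to truncate command names):
#   sudo lsof +c 0 -nP -iTCP -sTCP:ESTABLISHED -F pcn | owners_of_remote 170.114.52.2:443
```

Matching on the full remote `ip:port` rather than a substring avoids false hits on addresses that merely share a prefix with the one being traced.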