[Lex Computer & Tech Group/LCTG] zoomcrc.com

Allan Sherman allanpsherman at gmail.com
Tue Jul 7 04:02:36 PDT 2020


I think I had a valid idea for checking this, but made the wrong
interpretation of what I found.

The "whois" record I posted for zoomcrc.com was obtained from a random
Google search source (
https://www.webnames.ca/whois#?currentDomain=zoomcrc.com ).  Checking
further, I went to the registrar's website https://il.godaddy.com/en/whois and
found the same "whois" result.

Later, checking my favorite network info site (nwtools.com - alias for
https://network-tools.com/ ) surprisingly showed zoomcrc.com being owned
by Zoom Video Communications, Inc. at the expected address in San Jose.

What I think happened is that Network Tools was able to get around the
Domains By Proxy blockage by checking the ownership of the IP address used
by that domain.  Just a guess.  So why does the domain usually show up as
being under GoDaddy control?  Perhaps it originally was registered with
GoDaddy and still stays there.

In any event, this certainly looks and acts like a Zoom domain, so I am no
longer suspicious of malicious activity by a third party.  However, I am
certainly no expert in this stuff...


Al




On Mon, Jul 6, 2020 at 10:22 PM <mwolfe at vinebrook.com> wrote:

> To All:
>
> I found this in the Zoom Help Center:
>   SIP Dial String Format
>   <https://support.zoom.us/hc/en-us/articles/202405539-H-323-SIP-Room-Connector-Dial-Strings#sip>
>
>   *[Meeting ID].[Password].[Layout].[Host Key]@zoomcrc.com*
>
> That being said, given the BCC someone may be planting a virus to
> eavesdrop. It could even be Zoom. Zoom has strived for ease of use and
> features often at the expense of security such as this example
> <https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability>.
>
> -- Mitch
>
> On 2020-07-05 19:27, Allan Sherman wrote:
>
> I suspect that the zoomcrc.com
> <https://www.webnames.ca/whois#?currentDomain=zoomcrc.com> domain is not
> owned by zoom based on the following information.
>
> The "real zoom" URL appears to be zoom.us.  A "whois" search on the
> zoom.us domain produces:
>
> Domain Name: zoom.us
> Registrar: GoDaddy.com, Inc.
> Registrant Name: Bill Lu
> Registrant Organization: Zoom Video Communications, Inc.
> Registrant Street: 55 Almaden Boulevard
> Registrant City: San Jose
> Registrant State/Province: California
> Registrant Postal Code: 95148
> Registrant phone: +1.4085086746
>
>
> Checking the domain zoomcrc.com shows:
>
> Registrar: GoDaddy.com, LLC
> Registry Registrant ID: Not Available From Registry
> Registrant Name: Registration Private
> Registrant Organization: Domains By Proxy, LLC
> Registrant Street: DomainsByProxy.com
> Registrant Street: 14455 N. Hayden Road
> Registrant City: Scottsdale
> Registrant State/Province: Arizona
> Registrant Postal Code: 85260
> Registrant Country: US
> Registrant Phone: +1.4806242599
> Registrant Email: ZOOMCRC.COM at domainsbyproxy.com
>
>
> DomainsByProxy.com appears to be a business intended to hide the real
> identity of the owner of the URL.  I would expect that since zoom.us has
> published the id of the URL owner, they have no reason to hide the
> ownership of zoomcrc, if it indeed belonged to them.
>
> I have no idea of the significance (if anything) of GoDaddy.com, Inc. vs
> GoDaddy.com, LLC.  Probably just an administrative snafu.
>
>
> Regards,
>
> Al
>
>
>
> On Sun, Jul 5, 2020 at 10:41 PM Harry Forsdick <forsdick at gmail.com> wrote:
>
>> Charlie,
>>
>> I believe this email address is not actually an email address, but reuse
>> of the same syntax as email for opening a conferencing session between
>> different conferencing systems, such as Zoom and Cisco or Polycom.
>>
>> This Google search gives some information about Zoomcrc.com:
>>
>>    - https://www.google.com/search?q=what+is+zoomcrc&rlz=1C5CHFA_enUS873US873&oq=what+is+zoomcrc&aqs=chrome..69i57j0.5848j0j4&sourceid=chrome&ie=UTF-8
>>
>> It makes reference to SIP which stands for Session Initiation Protocol
>> which is the interoperability activity.
>>
>> Email-looking addresses to ZoomCRC look to me as benign.
>>
>> Regards,
>>
>> -- Harry
>>
>>
>>
>>
>> On Sat, Jul 4, 2020 at 4:05 PM Charles Holbrow <chholbrow at gmail.com>
>> wrote:
>>
>>> I am preparing my six-session course on the history of the atomic bomb.
>>> I will run it through my Colgate University Zoom account.  I just found in
>>> the drafts in my email an invitation to go to me with a bcc to
>>> 94056004724 at zoomcrc.com.  I never addressed an email to
>>> 94056004724 at zoomcrc.com.  Any suggestions as to what is going on?
>>>
>>> Is this some kind of hack to find the meeting ID and password of the
>>> course?
>>>
>>> --Charlie
>>>
>>>
>>>
>>> ===============================================
>>> ::The Lexington Computer and Technology Group Mailing List::
>>> Reply goes to sender only; Reply All to send to list.
>>> Send to the list: LCTG at lists.toku.us      Message archives:
>>> http://lists.toku.us/private.cgi/lctg-toku.us
>>> To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email
>>> lctg-unsubscribe at toku.us
>>> Future and Past meeting information: http://LCTG.toku.us
>>> This message was sent to forsdick at gmail.com.
>>> Set your list options:
>>> http://lists.toku.us/options.cgi/lctg-toku.us/forsdick@gmail.com
>>
>
>
>
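
Added example (not part of the original thread and not Zoom's code): a Python check that decides whether a recipient such as the BCC discussed above is a zoomcrc.com SIP dial string in the format quoted from the Zoom Help Center, and which sensitive fields it carries. The 9-11 digit meeting ID, the optional or empty trailing fields, and every sample address other than the BCC from the thread are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Field order from the format quoted in the thread:
# [Meeting ID].[Password].[Layout].[Host Key]@zoomcrc.com
FIELDS = ("meeting_id", "password", "layout", "host_key")
CRC_DOMAIN = "zoomcrc.com"

@dataclass
class DialString:
    meeting_id: str
    password: Optional[str] = None
    layout: Optional[str] = None
    host_key: Optional[str] = None

    def exposed_secrets(self):
        """Names of the sensitive fields actually present in the address."""
        return [f for f in ("password", "host_key") if getattr(self, f)]

def parse_crc_address(addr: str) -> Optional[DialString]:
    """Return a DialString if addr is a zoomcrc.com dial string, else None."""
    # Mail archives often obfuscate '@' as ' at '; undo that first.
    addr = re.sub(r"\s+at\s+", "@", addr.strip(), count=1)
    local, sep, domain = addr.rpartition("@")
    if not sep or domain.lower().rstrip(".") != CRC_DOMAIN:
        return None  # ordinary e-mail address or look-alike domain
    parts = local.split(".")
    # Assumption: 9-11 digit meeting ID, at most four dot-separated fields.
    if len(parts) > len(FIELDS) or not re.fullmatch(r"\d{9,11}", parts[0]):
        return None
    values = [p or None for p in parts]  # an empty field becomes None
    return DialString(**dict(zip(FIELDS, values)))

def audit_recipients(recipients):
    """Map each dial-string meeting ID to the sensitive fields it discloses."""
    report = {}
    for r in recipients:
        d = parse_crc_address(r)
        if d:
            report[d.meeting_id] = d.exposed_secrets()
    return report

SAMPLE = [
    "94056004724 at zoomcrc.com",            # BCC as shown in the thread
    "123456789.4321..9876@zoomcrc.com",      # constructed
    "student@example.edu",                   # constructed
    "94056004724@zoomcrc.com.example.net",   # constructed look-alike domain
]
```

Run over the recipients of a draft or sent invitation, `audit_recipients` shows at a glance whether a dial-string address carries only a meeting ID or also a password or host key.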