Malwarebytes - Detection

Hi

Malwarebytes Endpoint Protection has been flagging an ip that zerotier is connecting to.

Type: OutboundConnection

• Location: (138.199.60.166:63130)
• Action taken: Blocked
• Scan time: May 13th 2023, 14:55:17 UTC
• Report time: May 13th 2023, 14:55:18 UTC
• Threat name: Compromised
• Process name: C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe

Abuseipdb has it listed.

That’s not an IP address owned or operated by ZeroTier, Inc. It’s possible that it’s a member of one of the networks that machine is joined to.

Thanks Grant for setting that straight.