Malwarebytes - Detection

Hi

Malwarebytes Endpoint Protection has been flagging an ip that zerotier is connecting to.

Type: OutboundConnection

  • Location: (138.199.60.166:63130)
  • Action taken: Blocked
  • Scan time: May 13th 2023, 14:55:17 UTC
  • Report time: May 13th 2023, 14:55:18 UTC
  • Threat name: Compromised
  • Process name: C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe

Abuseipdb has it listed.

That’s not an IP address owned or operated by ZeroTier, Inc. It’s possible that it’s a member of one of the networks that machine is joined to.

Thanks Grant for setting that straight.