Why is PCMonitorSrv.exe making connectino to random IPs?

[Chuck13]

I have a Windows 7 machine with the application installed. From "netbios -b -f", I noticed that the PCMonitorSrv.exe process, which is use by Pulseway, is making connection with random ports to random IP. What are these for?

 

 TCP    192.168.1.100:61675       104.207.136.70:8888    TIME_WAIT

 TCP    192.168.1.100:61676       108.61.19.4.choopa.com:8888  TIME_WAIT

 TCP    192.168.1.100:61677       ppp-198.15.118.242.phx.napinet.net:8888  TIME_WAIT

 TCP    192.168.1.100:61678       50.97.94.22-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61679       50.23.113.203-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61680       104.156.240.157:8888   TIME_WAIT

 TCP    192.168.1.100:61681       50.23.131.234-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61682       ip146.185.28.236.lon.ukinetcom.net:8888  TIME_WAIT

 TCP    192.168.1.100:61683       h31-3-243-74.host.redstation.co.uk:8888  TIME_WAIT

 TCP    192.168.1.100:61684       seomobile.biz:8888     TIME_WAIT

 TCP    192.168.1.100:61685       46.166.188.245:8888    TIME_WAIT

 TCP    192.168.1.100:61686       173.199.65.52.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61687       184-75-211-236.amanah.com:8888  TIME_WAIT

 TCP    192.168.1.100:61688       178.162.205.28:8888    TIME_WAIT

 TCP    192.168.1.100:61689       108.61.122.121.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61690       5.153.234.58:8888      TIME_WAIT

 TCP    192.168.1.100:61691       D.C.B.A-nia.romaninternet.com:8888  TIME_WAIT

 TCP    192.168.1.100:61692       dyn-116-193-159-36.hknewsolution.com:8888  TIME_WAIT

 TCP    192.168.1.100:61693       31-168-172-146.telavivwifi.com:8888  TIME_WAIT

 TCP    192.168.1.100:61694       108.61.96.9.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61695       43.224.32.5:8888       TIME_WAIT

 TCP    192.168.1.100:61779       a23-204-109-35.deploy.static.akamaitechnologies.com:http  TIME_WAIT

 TCP    192.168.1.100:61797       104.207.136.70:8888    TIME_WAIT

 TCP    192.168.1.100:61798       108.61.19.4.choopa.com:8888  TIME_WAIT

 TCP    192.168.1.100:61799       ppp-198.15.118.242.phx.napinet.net:8888  TIME_WAIT

 TCP    192.168.1.100:61800       50.97.94.22-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61801       50.23.113.203-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61802       104.156.240.157:8888   TIME_WAIT

 TCP    192.168.1.100:61803       50.23.131.234-static.reverse.softlayer.com:8888  TIME_WAIT

 TCP    192.168.1.100:61804       ip146.185.28.236.lon.ukinetcom.net:8888  TIME_WAIT

 TCP    192.168.1.100:61805       h31-3-243-74.host.redstation.co.uk:8888  TIME_WAIT

 TCP    192.168.1.100:61806       seomobile.biz:8888     TIME_WAIT

 TCP    192.168.1.100:61807       46.166.188.245:8888    TIME_WAIT

 TCP    192.168.1.100:61808       173.199.65.52.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61809       184-75-211-236.amanah.com:8888  TIME_WAIT

 TCP    192.168.1.100:61810       178.162.205.28:8888    TIME_WAIT

 TCP    192.168.1.100:61811       108.61.122.121.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61812       5.153.234.58:8888      TIME_WAIT

 TCP    192.168.1.100:61813       D.C.B.A-nia.romaninternet.com:8888  TIME_WAIT

 TCP    192.168.1.100:61814       dyn-116-193-159-36.hknewsolution.com:8888  TIME_WAIT

 TCP    192.168.1.100:61815       31-168-172-146.telavivwifi.com:8888  TIME_WAIT

 TCP    192.168.1.100:61816       108.61.96.9.choopa.net:8888  TIME_WAIT

 TCP    192.168.1.100:61817       43.224.32.5:8888       TIME_WAIT

 TCP    192.168.1.100:61897       ip-69.65.49.8.servernap.net:https  ESTABLISHED

[PCMonitorSrv.exe]

 

[Marius]

The only connection that belongs to PCMonitorSrv.exe is this one:

 

TCP    192.168.1.100:61897       ip-69.65.49.8.servernap.net:https  ESTABLISHED

 

Pulseway can establish other connections only if you have some ping checks or web site checks defined in the Pulseway Manager.

[Marius]

Use TCP View to view the connections:

https://technet.microsoft.com/en-us/library/bb897437.aspx

 

Direct Download:

http://download.sysinternals.com/files/TCPView.zip

[Chris]

Hi Chuck,

From the looks of it, Pulseway is connecting to the internet through a transparent proxy. Note that each host it has connected to, the port used is 8888.

We don't recommend putting Pulseway behind open HTTPS proxies as it might expose your Pulseway login credentials.

Regards,

Chris

Pulseway Support

[Chuck13]

Thanks for the response, guys. This was indeed a proxy, but I was curious that Windows reported it that it was PC Monitor process that is making the connections, which is bizarre.

[Marius]

It must be the proxy.

 

The Pulseway agent does not connect to any other servers whatsoever. Install Pulseway on a different computer that does not use any proxy to check this out.