Why is the application connected to Google Analytics?


I used a firewall and detected that your app connected to some server. Why is the connection established?

What data is transferred?


You don’t need a firewall for this. A mere netstat -bf on Windows will also showcase currently established connections:

Actieve verbindingen

  Proto  Lokaal adres           Extern adres           Status
 [Visual Paradigm.exe]
  TCP        m2052.contabo.host:https  ESTABLISHED
 [Visual Paradigm.exe]
  TCP        a104-125-38-50.deploy.static.akamaitechnologies.com:http  TIME_WAIT
  TCP        a-0001.a-msedge.net:https  TIME_WAIT
  TCP        a-0001.a-msedge.net:https  TIME_WAIT
  TCP         localhost.localdomain:54467  ESTABLISHED
 [Visual Paradigm.exe]
  TCP         localhost.localdomain:54468  ESTABLISHED
 [Visual Paradigm.exe]
  TCP         localhost.localdomain:54469  ESTABLISHED
 [Visual Paradigm.exe]
  TCP        localhost.localdomain:1101  ESTABLISHED
  TCP        localhost.localdomain:1101  ESTABLISHED
  TCP        localhost.localdomain:1101  ESTABLISHED

So, what we’re seeing here… “m2052.contabo.host” is basically VPository. is also known as ns1.msft.net and seems a regular DNS server. However, do note the TIME_WAIT, it doesn’t make an actual connection.

a104-125-38-50.deploy.static.akamaitechnologies.com puzzled me at first, but a Google search pointed me to the Akamai website. They’re a cloud hosting provider, and Visual Paradigm is more heavily relying on net based functionality these days, so there’s also not much of a surprise here.

Then we’re down to a-0001.a-msedge.net. It has 2 IP addresses:

omicron:/home/peter $ dig a-0001.a-msedge.net

; <<>> DiG 9.11.2 <<>> a-0001.a-msedge.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61978
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;a-0001.a-msedge.net.           IN      A

a-0001.a-msedge.net.    28      IN      A
a-0001.a-msedge.net.    28      IN      A

;; Query time: 0 msec
;; WHEN: Tue Nov 28 07:43:30 CET 2017
;; MSG SIZE  rcvd: 80

The IP addresses don’t really tell me much but checking for a-msedge.net in the whois database directs me straight to Microsoft.

In specific the markmonitor website. Which also looks very legitimate to me, it’s basically an online service used to protect brands and services from abuse (hackers).

The rest are merely local connections (as you can see).

So summing up: I can’t reproduce your findings.
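An added example, not part of the thread: a small parser that attributes each row of saved `netstat -bf` output to the executable named on the bracketed line after it, then lists one program's non-loopback peers. The sample text, its addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `netstat -bf` prints (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:50001       repo.example.net:https  ESTABLISHED
 [Visual Paradigm.exe]
  TCP    192.0.2.10:50002       cdn.example.org:http   TIME_WAIT
  TCP    127.0.0.1:54467        localhost.localdomain:54468  ESTABLISHED
 [Visual Paradigm.exe]
  TCP    192.0.2.10:50010       updates.example.com:https  ESTABLISHED
  wuauserv
 [svchost.exe]
  TCP    192.0.2.10:50011       files.example.com:https  ESTABLISHED
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
UNKNOWN = "(no owner shown)"
LOOPBACK = {"127.0.0.1", "[::1]"}


def connections_by_owner(text):
    """Map each executable to the (proto, local, remote, state) rows it owns."""
    owners, pending = defaultdict(list), None
    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            if pending:                      # previous row never got an owner line
                owners[UNKNOWN].append(pending)
            pending = conn.groups()
            continue
        owner = OWNER.match(line)
        if owner and pending:                # "[name.exe]" follows the row it describes
            owners[owner.group(1)].append(pending)
            pending = None
    if pending:
        owners[UNKNOWN].append(pending)
    return dict(owners)


def external_peers(text, exe):
    """Remote endpoints of `exe`, skipping rows whose local side is loopback."""
    rows = connections_by_owner(text).get(exe, [])
    return sorted({(remote, state) for _, local, remote, state in rows
                   if local.rsplit(":", 1)[0] not in LOOPBACK})


if __name__ == "__main__":
    for peer, state in external_peers(SAMPLE, "Visual Paradigm.exe"):
        print(peer, state)
```

Rows without a bracketed owner line, such as the TIME_WAIT entry, are grouped under a separate key instead of being credited to the next program in the listing.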


When I’m using the “Community Circle” option more data gets sent across, but that’s logical behaviour because that option establishes a website connection from within Visual Paradigm. Is it possible that you used something similar?

From what I can tell Visual Paradigm uses the Chromium engine which is used to establish (HTTP) connections, for example with Community Circle and VPository, but those are not rogue connections.

Also noteworthy is that the Visual Paradigm website utilizes Google Analytics.

So I think that’s what you’re seeing here. Nothing malicious is going on, the program is merely pulling in web data from the website which in its turn also contacts Google Analytics.


I remember that when I first ran Visual Paradigm, there was a checkbox for agreeing to join the experience improvement program.

And I just found there is an option “Experience Improvement”.

I haven’t checked whether it is the cause. You may have to try.