I would assume the extension, like many others, use a cloud backend for text analysis and suggestions. You could try to back-engineer what those URLs are, by installing a sterile machine with this extension in the lab, and then sniffing DNS and HTTPS traffic. You also need HTTPSi active in this environment. I would assume the domains, DNS names and URLs would be in wizkids.dk subdomain, but that is not guaranteed.
You can also reach out to the vendor and explicitly ask for that info. I would say something like
- "Our students complain about your extension not working well from time to time. Could you please help us to unblock all your traffic on our FWs? Can you please give us some details on how your backend is working?"
I assume the devices are not owned by the school, right? Otherwise, it is an option to lock Chrome and manage extensions centrally for the students.