Extension Auditor
Extension Auditor
Sign Up
AtendaZap

AtendaZap

ID: iibldfhmeiipohbjlkhfgnjhcmkknffi

Supported Languages

🇧🇷Brazilian Portuguese

Extension Info & Metadata

Status
Active
Version
7.4.3.55
Size
5.15 MB
Rating
5.0/5
Reviews
3
Users
35
Type
Extension
Updated
Jun 25, 2026
Category
Tools
Price
Paid
Featured
No
Visibility
Listed
Mature
No
By Google
No
Trusted
No
Download CRX
Chrome Web Store
Report Issue

Publisher Contextual Analysis

Author
IntzpView Profile
Privacy
Privacy Policy
MX records exist
Yes
Domain exists
Yes
Is disposable
No
Is role-based
No
Mailbox exists
Yes
Total Extensions
42
Active
41
Obsolete
1
Listed
42
Unlisted
0
Total Users
1,623

Email Change History

1 change
Oct 9, 2025
Domain changed
Screenshot 1

AtendaZap é um CRM no Google Chorme

Características do AtendaZap: ✔ Envio em massa para contatos ou importados via CSV – Envie mensagens para múltiplos contatos de maneira rápida e prática, sem complicação. ✔ Criação de Abas Personalizadas – Organize seus contatos de forma eficiente e encontre facilmente os mais importantes. ✔ Visão Kanban dos Contatos – Tenha uma visão clara e organizada dos seus contatos com a opção de arrastar e soltar. ✔ Envio de Mensagens para Números Não Salvos – Envie mensagens para qualquer número, mesmo que não esteja na sua agenda, sem precisar adicionar à lista de contatos. ✔ Criação de Notas Personalizadas – Anote informações importantes para cada contato diretamente no perfil deles. ✔ Lembretes para Contatos – Nunca se esqueça de retornar uma ligação ou seguir com um compromisso. Crie lembretes específicos para cada contato. ✔ Agendamento de Reuniões no Google Agenda – Agende compromissos diretamente no seu Google Agenda com facilidade, sem precisar sair da plataforma. ✔ Lembretes Simples e Notificações – Crie lembretes rápidos e receba notificações diretamente no seu dispositivo. ✔ Banco de Respostas Rápidas – Tenha respostas pré-configuradas e envie com um clique para otimizar seu tempo. ✔ Exportação de Contatos do Wpp – Exporte seus contatos diretamente do Wpp ou de grupos de Wpp para facilitar a organização. ✔ Suporte Multilíngue – Use a plataforma em seu idioma nativo: português, espanhol ou inglês, garantindo facilidade de uso. Sobre o AtendaZap: AtendaZap é uma ferramenta independente, sem qualquer vínculo com o WhatsApp ou a empresa responsável. Funciona exclusivamente através da Chrome Web Store e opera de maneira autônoma. Não somos uma ferramenta oficial do WhatsApp, mas oferecemos funcionalidades inovadoras para quem precisa de mais praticidade na gestão de contatos e mensagens.

Item
Type
Severity
Description
unlimitedStorage
Permission
Medium
This permission removes storage quota restrictions. Rated Medium because it can store large amounts of user data without limits, potentially impacting browser performance and storing extensive tracking data.
storage
Permission
Medium
This permission allows storing data locally in the browser. Rated Medium because it can persist sensitive user data, track user activities over time, and potentially store malicious payloads.
tabs
Permission
Medium
This permission enables tab management and monitoring. Rated Medium because it can track open tabs, access tab metadata, and monitor user browsing patterns.
https://web.whatsapp.com/*
Host
Medium
Host permission — access limited to this URL pattern.
alarms
Permission
Low
This permission schedules periodic tasks. Rated Low because it can only trigger events at specified times without access to sensitive data.

Every 10 minutes (`Ten_Minutes` alarm, line 241) the background script fetches arbitrary JSON from `https://code.wascript.com.br/config.json` — a server the publisher controls — and forwards the entire parsed response to every content script running on `https://web.whatsapp.com/*` via `sendMessage`. Any malicious change pushed to `config.json` is silently applied to the extension's WhatsApp-page behavior within 10 minutes, with no integrity check or version pin. Combined with the MalExt WaSteal IoC and the publisher email change, this remote-reconfiguration channel is the plausible delivery mechanism for a post-compromise payload.

background.js (Line 181)
const f = async () => {  try {    const t = await (await fetch(`${n.remote_code}config.json`, {        method: "GET"      }))      .json();    return s("https://web.whatsapp.com/*", "Update_DomSelector", t), t;  } catch (e) {    return console.error("Erro ao buscar configurações externas:", e), null;  }};

On install, the extension queries all `chromewebstore.google.com` tabs, extracts a `bearer_token` from their URL search parameters, closes those tabs, then opens WhatsApp Web with the token embedded in the URL query string (`?bearer_token=…`). The content script running on `web.whatsapp.com` can then read this authentication token. If the content script (whose main chunk is absent from this bundle) relays this token to a remote server, this constitutes credential theft. The `user_auth` external-message handler (line 418) accepts the same bearer token from `app.wascript.com.br`, forwarding it identically into a WhatsApp URL.

background.js (Line 95)
async function k(e) {  const {    success: t,    bearer_token: o  } = await y();  if (!t) {    i();    return;  }  if (e.reason !== "install") {    i();    return;  }  await l("*://web.whatsapp.com/*"), await l("*://chromewebstore.google.com/*"), chrome.tabs.create({    url: `https://web.whatsapp.com?bearer_token=${o}`  });}

By severity

Critical0
High1
Medium1
Low0

Versions scanned

Showing 1 of 101 scanned versions with more than one unique finding. Counts are unique findings that include each version.

Extension VersionCode Review Findings
7.4.3.552

Files with findings

1 distinct path — top paths by unique finding count:

  • background.js2
S.No.
Category
Severity
File
Summary
Found in Version
1Remote Code Loading
high
background.js (line 181)Every 10 minutes (`Ten_Minutes` alarm, line 241) the background script fetches arbitrary JSON from `https://code.wascript.com.br/config.json` — a server the publisher controls — and forwards the entire parsed response…
7.4.3.55
2Credential Theft
medium
background.js (line 95)On install, the extension queries all `chromewebstore.google.com` tabs, extracts a `bearer_token` from their URL search parameters, closes those tabs, then opens WhatsApp Web with the token embedded in the URL query s…
7.4.3.55
URLs
130
IPv4
221
IPv6
0

URLs

View the external URLs this extension communicates with to understand its network activity and data interactions.

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
backend-plugin.wascript.com.br-https://backend-plugin.wascript.com.br/
painel-old.wascript.com.br-https://painel-old.wascript.com.br/
backend-utils.wascript.com.br-https://backend-utils.wascript.com.br/
multi-atendimento.wascript.com.br-https://multi-atendimento.wascript.com.br
api-whatsapp.wascript.com.br-https://api-whatsapp.wascript.com.br
app.wascript.com.br-https://app.wascript.com.br
audio-transcriber.wascript.com.br/transcriptionhttps://audio-transcriber.wascript.com.br/transcription
code.wascript.com.br-https://code.wascript.com.br/
dev.watools.com.br-https://dev.watools.com.br/
web.whatsapp.com-https://web.whatsapp.com?bearer_token=${o}`
Showing 1 to 10 of 130 rows
Rows per page:

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In
7.4.3.55
IPv4
-
1.7.8.4
IPv4
-
1.8.9.4
IPv4
-
1.4.8.7
IPv4
-
1.7.3.9
IPv4
-
19.22.16.16
IPv4
-
61.14.83.83
IPv4
-
3.84.61.61
IPv4
-
1.11.29.8
IPv4
-
1.11.3.8
IPv4
-
1.1.29.81
IPv4
-
1.1.29.8
IPv4
-
45.27.65.6
IPv4
-
2.38.94.94
IPv4
-
2.46.81.81
IPv4
-
14.58.81.81
IPv4
-
13.57.86.86
IPv4
-
13.57.91.91
IPv4
-
11.47.72.72
IPv4
-
11.47.8.8
IPv4
-
14.57.86.86
IPv4
-
35.37.87.36
IPv4
-
11.43.66.66
IPv4
-
1.44.65.65
IPv4
-
14.41.8.8
IPv4
-
11.44.59.59
IPv4
-
1.43.67.67
IPv4
-
11.44.76.76
IPv4
-
11.44.63.63
IPv4
-
37.31.85.29
IPv4
-
1.44.69.69
IPv4
-
1.44.59.59
IPv4
-
37.31.86.29
IPv4
-
4.72.83.83
IPv4
-
1.44.64.64
IPv4
-
11.44.73.73
IPv4
-
2.16.34.34
IPv4
-
28.39.35.35
IPv4
-
28.39.33.33
IPv4
-
2.16.33.33
IPv4
-
28.39.34.34
IPv4
-
2.17.33.33
IPv4
-
1.13.28.78
IPv4
-
18.43.34.34
IPv4
-
16.45.34.34
IPv4
-
16.45.33.33
IPv4
-
1.5.5.5
IPv4
-
5.5.75.75
IPv4
-
82.82.82.82
IPv4
-
48.33.12.58
IPv4
-
1.16.26.16
IPv4
-
26.14.11.46
IPv4
-
15.3.23.27
IPv4
-
19.39.24.59
IPv4
-
35.86.52.47
IPv4
-
75.4.57.42
IPv4
-
51.28.16.16
IPv4
-
47.41.14.23
IPv4
-
46.32.5.22
IPv4
-
12.18.14.13
IPv4
-
62.91.41.13
IPv4
-
24.47.15.3
IPv4
-
1.93.72.26
IPv4
-
81.62.1.5
IPv4
-
11.14.28.5
IPv4
-
37.33.39.37
IPv4
-
1.17.35.12
IPv4
-
29.35.14.55
IPv4
-
24.22.13.18
IPv4
-
36.42.16.29
IPv4
-
32.25.37.12
IPv4
-
1.2.2.13
IPv4
-
68.56.16.41
IPv4
-
1.24.53.6
IPv4
-
1.68.73.17
IPv4
-
94.54.72.13
IPv4
-
102.11.22.41
IPv4
-
1.29.45.12
IPv4
-
34.78.24.6
IPv4
-
1.59.79.74
IPv4
-
2.67.12.35
IPv4
-
63.23.9.62
IPv4
-
2.52.74.1
IPv4
-
2.44.9.21
IPv4
-
1.8.32.63
IPv4
-
18.51.17.54
IPv4
-
28.13.4.67
IPv4
-
95.47.31.41
IPv4
-
57.9.34.34
IPv4
-
27.37.49.57
IPv4
-
35.39.25.63
IPv4
-
63.81.98.31
IPv4
-
68.2.44.42
IPv4
-
1.28.3.53
IPv4
-
79.82.97.35
IPv4
-
1.25.56.38
IPv4
-
78.25.53.86
IPv4
-
75.36.11.59
IPv4
-
18.38.37.29
IPv4
-
1.4.74.14
IPv4
-
2.51.69.36
IPv4
-
12.41.4.2
IPv4
-
45.5.18.51
IPv4
-
64.78.21.49
IPv4
-
88.35.46.34
IPv4
-
60.71.46.24
IPv4
-
26.24.31.73
IPv4
-
88.1.36.6
IPv4
-
1.32.65.5
IPv4
-
62.46.11.46
IPv4
-
5.55.43.84
IPv4
-
11.28.32.23
IPv4
-
1.15.33.44
IPv4
-
31.13.48.15
IPv4
-
22.11.53.14
IPv4
-
85.18.17.19
IPv4
-
74.95.25.23
IPv4
-
13.3.19.22
IPv4
-
11.15.24.2
IPv4
-
11.26.21.15
IPv4
-
34.28.14.17
IPv4
-
24.13.14.36
IPv4
-
15.16.18.17
IPv4
-
59.69.25.19
IPv4
-
21.4.36.44
IPv4
-
99.47.32.14
IPv4
-
99.36.36.31
IPv4
-
17.16.29.19
IPv4
-
14.39.22.61
IPv4
-
12.2.91.41
IPv4
-
4.16.36.43
IPv4
-
32.3.71.39
IPv4
-
93.98.2.88
IPv4
-
1.16.59.44
IPv4
-
95.22.35.43
IPv4
-
31.27.19.11
IPv4
-
54.13.23.36
IPv4
-
6.77.18.82
IPv4
-
15.93.19.61
IPv4
-
3.1.24.77
IPv4
-
19.17.83.49
IPv4
-
1.13.21.55
IPv4
-
21.35.1.27
IPv4
-
1.13.46.47
IPv4
-
14.75.5.95
IPv4
-
58.4.12.28
IPv4
-
1.67.56.42
IPv4
-
48.68.44.26
IPv4
-
26.15.33.24
IPv4
-
12.27.18.33
IPv4
-
77.19.24.19
IPv4
-
59.19.22.16
IPv4
-
11.71.49.28
IPv4
-
23.21.35.19
IPv4
-
7.17.82.61
IPv4
-
15.25.42.56
IPv4
-
11.7.24.14
IPv4
-
17.61.11.83
IPv4
-
18.81.43.17
IPv4
-
15.33.22.12
IPv4
-
1.45.11.34
IPv4
-
5.29.16.33
IPv4
-
14.46.25.5
IPv4
-
89.59.17.68
IPv4
-
22.23.11.24
IPv4
-
47.14.2.24
IPv4
-
16.19.14.2
IPv4
-
38.33.42.11
IPv4
-
29.13.13.31
IPv4
-
79.25.49.84
IPv4
-
12.29.28.13
IPv4
-
85.24.34.2
IPv4
-
26.62.34.17
IPv4
-
16.45.23.34
IPv4
-
44.31.13.22
IPv4
-
1.21.13.42
IPv4
-
26.49.31.37
IPv4
-
81.54.14.53
IPv4
-
17.15.22.27
IPv4
-
7.41.34.27
IPv4
-
1.27.58.58
IPv4
-
3.48.22.24
IPv4
-
5.21.77.69
IPv4
-
11.69.48.1
IPv4
-
1.36.18.16
IPv4
-
25.18.1.29
IPv4
-
18.39.21.16
IPv4
-
1.28.25.15
IPv4
-
2.26.35.57
IPv4
-
13.12.26.43
IPv4
-
1.47.21.6
IPv4
-
102.14.98.25
IPv4
-
19.33.17.35
IPv4
-
102.17.45.13
IPv4
-
75.24.16.19
IPv4
-
15.19.9.28
IPv4
-
100.39.23.32
IPv4
-
101.43.17.22
IPv4
-
1.52.29.15
IPv4
-
3.18.78.49
IPv4
-
83.7.28.91
IPv4
-
1.5.75.75
IPv4
-
67.26.74.62
IPv4
-
79.32.79.75
IPv4
-
1.88.16.69
IPv4
-
22.12.43.25
IPv4
-
1.13.1.4
IPv4
-
2.4.4.53
IPv4
-
1.72.78.78
IPv4
-
2.13.42.26
IPv4
-
12.39.18.8
IPv4
-
2.182.5.5
IPv4
-
29.29.6.57
IPv4
-
29.29.59.57
IPv4
-
43.45.87.91
IPv4
-
23.13.33.41
IPv4
-
44.11.77.14
IPv4
-
24.1.43.19
IPv4
-
4.2.11.65
IPv4
-
31.12.47.19
IPv4
-
35.14.53.74
IPv4
-
Showing 1 to 221 of 230 rows
Rows per page:
Version
Size
Is Malicious
Findings
Permhash
7.4.3.56
Latest
5.15 MB
Malicious
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.55
5.15 MB
Malicious
2
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.54
5.15 MB
Malicious
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.53
5.15 MB
Malicious
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.51
5.15 MB
Malicious
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.42
5.28 MB
Benign
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.41
5.28 MB
Benign
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.40
5.28 MB
Benign
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.37
5.28 MB
Benign
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
7.4.3.36
5.28 MB
Benign
8208ea2fa0547f390cf63b17ec959aff9d7feb56b9755fdc118edcbdfc6cbf11
Showing 1 to 10 of 110 rows
Rows per page:

Code Diff

Compare extension code between any two versions.

0 changed files (scanned top 25 shared text files)

No comparable text files found between these versions.

Browse and explore files within this extension package

Gain full insight into all external connections.

Upgrade for full visibility.

Sign In