[wkat4242]

I don't think DNS has anything to do with this whatsoever :)

Even if it returned a different IP it would have to be verified by TLS. And it wouldn't affect what the browser is capable of doing. That even being possible would be a huge vulnerability. DoH is more of a privacy feature than security.

It's a weird thing and hard to understand without more details but like the other reply I think it may be a PWA.

[mbwgh]

My (uninformed and probably misguided) idea was that there was a host DNS service (responsible e.g. for resolving local domain names) which would cause Windows itself to trigger some rule when 'web.whatsapp.com' is encountered.

But yeah, the PWA thing seems more plausible, even though I was not aware of any install prompt or similar.

I would need to read up on PWA, and there seems to be a LOT unfortunately.