maratona.branch77.app
Category: Phishing
Description of maratona.branch77.app
The domain maratona.branch77.app appears to host a Portuguese-language landing page themed around “Maratona do Rio,” with a registration form requesting personal details such as name, CPF, email, phone number, and account segment. The page title references a marathon event, while the visible branding in the screenshot prominently displays the Itaú logo, suggesting the page may be presenting itself as part of a promotional registration or prize-related campaign tied to a Brazilian audience.
Based on the domain structure, this does not appear to be an official primary domain for either the marathon event or the Itaú brand. Instead, it is hosted on a branch77.app subdomain, which may indicate a campaign microsite, third-party hosting arrangement, or an unofficial page. Because the visible content combines event-related wording with financial-brand imagery and personal-data collection, visitors would be prudent to verify the relationship between the page, the event, and the brand before submitting information.
Safety Assessment for maratona.branch77.app
At the time of this scan, no malware was detected by 0 out of 91 security engines, and the available blacklist checks were clean. The page also used a valid SSL certificate, which helps encrypt data in transit. Based on scan telemetry alone, there were no direct signs of malware delivery or known blacklist activity at the time of review.
That said, the page content raises contextual concerns that automated malware scans do not fully address. The domain closely associates a marathon-themed label with prominent Itaú branding, yet it is hosted on a lesser-known subdomain rather than an obvious official brand or event domain. The screenshot shows a form collecting sensitive personal information, including CPF and contact details, which may increase the risk if the page is unofficial or misleading.
Because reputation scans were clean but the branding and domain relationship appear unusual, this website may warrant caution and independent verification before any personal data is entered. Based on available scan data, no malware threats were detected at the time of this scan, but the page may pose potential risks related to impersonation or data collection.
Technical Description
The site was served over HTTPS with a valid Let's Encrypt certificate expiring in August 2026. It appears to run on nginx/1.24.0 (Ubuntu) and is hosted on AWS EC2 in the São Paulo region, with AWS nameservers configured. The page assets suggest a modern JavaScript application framework, likely using a Next.js-style build structure.
DNSSEC is unsigned, which is still common but provides less protection against certain DNS-manipulation scenarios than signed zones. No malicious files, flagged external links, or iframe-based concerns were identified in the provided scan results. The main technical concern is not server-side malware evidence, but rather the mismatch between the displayed branding and the hosting/domain context.
Share your experience with this website. Was it safe? Did you encounter any issues?