A newly uncovered CDC lookalike website is raising alarms among cybersecurity experts for its potential role in phishing and digital impersonation. The site, hosted at chdstaging[.]org and redirected via realcdc[.]org, mirrors the visual identity and branding of the Centers for Disease Control and Prevention (CDC), down to the official logos and social media links. Instead of public health guidance, it hosts false and misleading claims about vaccines.
According to the initial report by InfoEpi Lab, this deceptive staging site could be used to harvest data, spread malware, or mislead users into believing they are interacting with a legitimate government source. The use of authoritative language and design tactics commonly employed in phishing schemes heightens the risk for unsuspecting visitors—particularly those seeking vaccine information.
Threat intel researcher Kyle Ehmke identified the domain just days after its registration and traced its infrastructure to Children’s Health Defense (CHD), an organization known for spreading vaccine misinformation. Ehmke noted that realcdc[.]org, chdstaging[.]org, and childrenshealthdefense[.]org all share Cloudflare nameservers, suggesting coordinated staging.
While the site is not currently live as a primary domain, cybersecurity professionals caution that it could be activated during a future public health campaign, increasing the likelihood of widespread confusion or manipulation.
Veteran cybersecurity journalist Brian Krebs independently verified the findings. “I’ve been checking their work, and it checks out so far. These and several related sites have been up and down for the past few months,” he wrote in a LinkedIn post sharing the report.
In his post, Krebs also shared a document that confirms the sites share a Cloudfare host and web archives of the anti-vaccine content.
