Those protesting against NEET paper leak make a website which then gets compromised, personal details of volunteers leaked: The joke that is CJP

The Cockroach Janta Party, founded by Aam Aadmi Party (AAP) member Abhijeet Dipke, has compromised the sensitive personal information of people who were misled into believing that he was fighting for the cause of ‘students’ in the aftermath of the NEET paper leak.

For the unversed, Dipke had called upon his followers to register on his party’s website (https://www.cockroachjantaparty.org/) soon after it was launched.

Later, the AAP member alleged that the government took down his website, a claim that was later found to be false. It has now come to light that the users who trusted Abhijeet Dipke with their personal information have now been left vulnerable at the hands of potential cybercriminals.

On Wednesday (1st July), OSINT expert Nisarga took to X (formerly Twitter) to expose vulnerabilities on the website of the Cockroach Janta Party.

He stated, “We have found severe critical vulnerabilities in CJP website, which are leaking a lot of PII/personal information and source code. We reported these vulnerabilities to CJP & CERT-In.”

Nisarga further tagged the spokespersons of the party and added, “This is critical and needs immediate attention.” A cursory perusal of the screenshots shows the alarming state of the website’s security.

Although the OSINT expert masked the information, it was clear that he could access the names, phone numbers, age, date of birth, and email ID of people who registered on the CJP’s website.

To make matters worse, many of the volunteers were minors aged between 14 and 17. These people can become victims of sexual predators, phishing experts and cybercriminals.

This sensitive, personal data has remained exposed on the internet for quite some time. It is unclear whether the list of individuals have already been leaked to the dark web. It is not yet known if steps were taken to fix the mess.

The Truth about the CJP website being taken down by the Modi govt

The outrageous claim that the Modi government took down the website of CJP does not hold up under the scrutiny of publicly available domain registration and DNS records. The domain cockroachjantaparty.org was registered on May 16, 2026, through Hostinger Operations, UAB, a Lithuania-based registrar known for affordable hosting services often used for new or experimental projects.

Importantly, technical data of the site reveals that the domain is currently in a “clientHold” status, accompanied by “clientTransferProhibited,” which has caused it to return an NXDOMAIN response on major public DNS resolvers such as Google DNS and Cloudflare. This means the domain has been entirely removed from the global DNS zone file, rendering it inaccessible worldwide rather than just within India.

Earlier in its brief existence, the site was live and then responded with standard HTTP 403 errors from Hostinger’s active servers before the hold took effect.

In domain management terms, “clientHold” is a standard EPP (Extensible Provisioning Protocol) status code controlled exclusively by the registrar, not by governments or external authorities. According to ICANN documentation and registrar policies, this status instructs the registry not to publish the domain in the DNS, effectively taking it offline until the registrar resolves the underlying issue. Such instruction can be issued only by the owner of the website, not third parties, not even governments. Alternately, the domain provider or the host can take the website offline due to various reasons.

It is commonly applied for routine administrative reasons such as incomplete WHOIS contact verification, billing or payment problems, compliance violations, or at the request of the domain owner. The clientHold affects resolution globally at the registry level, not at any country level.

On the other hand, when a government orders blocking a website, it is done through ISPs (Internet Service Providers) in the country, and the block only takes place in that country. In India, such a block is typically enforced through the Department of Telecommunications via ISP-level DNS poisoning, IP blacklisting, or URL filtering. Such actions allow the domain to still resolve correctly on international resolvers outside the country. That is why websites blocked by the Indian govt can be accessed in India through VPN.

Moreover, when one visits a website blocked by the govt, the browser displays a message saying the same. But when one visits cockroachjantaparty’s website, the browser displays the code DNS_PROBE_FINISHED_NXDOMAIN. This means the browser can’t find the domain because it has been deactivated.

Moreover, no public government orders, court directives, or official statements have been issued regarding cockroachjantaparty.org, further undermining the censorship claim.

Therefore, the analysis of the website shows that either it has been taken by Dipte himself, or the domain provider/host took it down due to some compliance issues. There is no evidence that the site was taken down on Indian government’s order.