cobalt instance dump I found online

cobalt.md

How did you find these?

I used a service called Censys Search to find them. There's some queries you can do:

• services.http.response.html_title: "cobalt"
  • This one can find web instances. Does lead to false positives, since any title can contain "cobalt."
• services.http.response.body_hash="sha1:bf53b9ab96065ed263df9ebcd2b3b0c4d88242b5"
  • This one can find API instances. This is the hash of the response that all instances use.
• You can probably also look for just port 9001/9000, but most of these ports are not default.

After I collected the list, I checked /api/serverInfo on the API instances to see if it has a url set. This can either be a subdomain or an IP. If it had a domain set, I tried to find the web instance by checking common subdomains (like co, cobalt, etc). If there were no connecting domains, I tried a look up the IP on SecurityTrails. Otherwise, it simply got listed as the IP.

I added most of these to my instance tracker already.

Instances List

Most of these are API only, so they don't have a frontend tied to it.

API	Frontend
https://coapi.kelig.me/api/json	https://co.kelig.me/
https://ca.haloz.at/api/json	https://dl.haloz.at
https://nyc1.coapi.ggtyler.dev/api/json	https://nyc1.co.ggtyler.dev
https://cal1.coapi.ggtyler.dev/api/json	https://cal1.co.ggtyler.dev/
https://par1.coapi.ggtyler.dev/api/json	https://par1.co.ggtyler.dev/
http://2557.gra1.ovh.abcd.network:9000/api/json	http://2557.gra1.ovh.abcd.network:9001
https://cobalt-api.ayo.tf/	https://cobalt.ayo.tf/
uses co.wuk.sh	https://co.meow.gb.net/
http://social.mohsentaleb.com/api/json	http://social.mohsentaleb.com/
http://109.71.240.121:9000/api/json	http://109.71.240.121:9001/
uses co.wuk.sh	https://download.xcloud.live/
http://94.241.175.125:9000/api/json	http://94.241.175.125:9001/
http://77.246.111.101:9000/api/json	http://77.246.111.101:9001/
http://188.165.205.60:9000/api/json	http://188.165.205.60:9001/
http://77.91.75.45:9000/api/json	http://77.91.75.45:9001/
https://cobalt.minaev.su/api/serverInfo	https://cobalt.minaev.su/
http://185.170.213.63:9000/api/json	http://185.170.213.63:9001/
uses co.wuk.sh	http://202.63.172.20:9001/
http://195.15.242.243:9000/api/json	http://195.15.242.243:9001/
http://31.220.77.64:9000/api/json	http://31.220.77.64:9001/
http://192.53.116.208:9000/api/json	http://192.53.116.208:9001/
uses co.wuk.sh	http://135.181.27.83:9000/
https://cobaltapi.clebootin.com/	???
https://dlapi.miichelle.moe/api/json	https://dl.miichelle.moe/
https://ytapi.edd1e.xyz/	https://yt.edd1e.xyz/
https://cblt.fariz.dev/api/json	https://cobalt.fariz.dev/
https://api.seventyhost.net/api/json	https://d.seventyhost.net/
https://cobalt.misike.eu/api/json	???
https://api.cobalt.tacohitbox.com/api/json	https://cobalt.tacohitbox.com
https://cdn1.tik.live/api/json	???
https://cdn2.tik.live/api/json	???
https://cdn3.tik.live/api/json	???
https://cdn4.tik.live/api/json	???
https://cdn5.tik.live/api/json	???
http://147.45.111.84:9000/api/json	???
http://86.195.21.136:8018/api/json	???
http://161.35.207.247:9000/api/json	???
https://dl01.yt-dl.click/api/json	???
https://dl02.yt-dl.click/api/json	???
https://dl03.yt-dl.click/api/json	???
https://dl04.yt-dl.click/api/json	???
https://dl05.yt-dl.click/api/json	???
https://dl06.yt-dl.click/api/json	???
https://dl07.yt-dl.click/api/json	???
https://dl08.yt-dl.click/api/json	???
https://dl09.yt-dl.click/api/json	???
uses co.wuk.sh	https://ui.eu1.cobalt.dillonri.ng/
http://95.140.158.39:9000/api/json	???
https://api.snaptik.so/api/json	???
http://92.51.47.196:9000/api/json	???
http://77.120.21.10:3201/api/json	???
https://dl01.spotifyloader.com/api/json	???
http://2.56.214.74:9000/api/json	???
https://api.yt.corebyte.me/api/json	https://yt.corebyte.me/
http://168.119.212.145:1010/api/json	https://cobalt.snapredd.app/
https://cobalt-api.luver.pw/api/json	https://cobalt.stun.services/
uses co.wuk.sh	http://194.163.167.46:9001/
https://cobapi.elrant.team/api/json	https://cobalt.elrant.team/

how