RansomLook ← Back to site
Python 3 examples (requests)

List recent posts (last 7 days)

import requests

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

resp = requests.get(f"{API}/posts", params={"days": 7}, headers=HEADERS)
for post in resp.json():
    print(post["group_name"], "—", post["post_title"])

Get a specific group's details

import requests

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

resp = requests.get(f"{API}/group/lockbit", headers=HEADERS)
group = resp.json()
print(f"Group: {group[0]['name']}")
for loc in group[0].get("locations", []):
    status = "UP" if loc.get("available") else "DOWN"
    print(f"  {status} — {loc['slug']}")

Search across all posts

import requests

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

resp = requests.get(f"{API}/search", params={"query": "acme"}, headers=HEADERS)
for hit in resp.json():
    print(hit["group_name"], "—", hit["post_title"], "—", hit["discovered"])

Export full database (requires API key)

import requests, json

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

# DB 0 = Groups, 2 = Posts, 3 = Markets, 4 = Leaks, 5 = Actors
for db_num in [0, 2, 3, 5]:
    resp = requests.get(f"{API}/export/{db_num}", headers=HEADERS)
    if resp.status_code == 200:
        data = resp.json()
        print(f"DB {db_num}: {len(data)} entries")
        with open(f"ransomlook_db{db_num}.json", "w") as f:
            json.dump(data, f)

Get threat actor profile

import requests

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

resp = requests.get(f"{API}/actor/bassterlord", headers=HEADERS)
actor = resp.json()
print(f"Actor: {actor.get('name')}")
print(f"Aliases: {', '.join(actor.get('aliases', []))}")
for g in actor.get("relations", {}).get("groups", []):
    print(f"  → Group: {g}")

Crypto addresses for a group

import requests

API = "https://www.ransomlook.io/api"
HEADERS = {"Authorization": "YOUR_API_KEY"}

resp = requests.get(f"{API}/crypto/lockbit", headers=HEADERS)
data = resp.json()
for chain, addrs in data.get("by_chain", {}).items():
    for a in addrs:
        print(f"  [{chain}] {a['address']} — tx: {a.get('tx_count', 0)}")