# Top # TLDs ## Get top TLDs by email message volume **get** `/radar/email/security/top/tlds` Retrieves the top TLDs by number of email messages. ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z", "tags": [ "BOT_CLASS" ] } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### TLD Get Response - `TLDGetResponse object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. # Malicious ## Get top TLDs by email malicious classification **get** `/radar/email/security/top/tlds/malicious/{malicious}` Retrieves the top TLDs by emails classified as malicious or not. ### Path Parameters - `malicious: "MALICIOUS" or "NOT_MALICIOUS"` Malicious classification. - `"MALICIOUS"` - `"NOT_MALICIOUS"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/malicious/$MALICIOUS \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z", "tags": [ "BOT_CLASS" ] } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Malicious Get Response - `MaliciousGetResponse object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. # Spam ## Get top TLDs by email spam classification **get** `/radar/email/security/top/tlds/spam/{spam}` Retrieves the top TLDs by emails classified as spam or not. ### Path Parameters - `spam: "SPAM" or "NOT_SPAM"` Spam classification. - `"SPAM"` - `"NOT_SPAM"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/spam/$SPAM \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z", "tags": [ "BOT_CLASS" ] } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Spam Get Response - `SpamGetResponse object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. # Spoof ## Get top TLDs by email spoof classification **get** `/radar/email/security/top/tlds/spoof/{spoof}` Retrieves the top TLDs by emails classified as spoof or not. ### Path Parameters - `spoof: "SPOOF" or "NOT_SPOOF"` Spoof classification. - `"SPOOF"` - `"NOT_SPOOF"` ### Query Parameters - `arc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by ARC (Authenticated Received Chain) validation. - `"PASS"` - `"NONE"` - `"FAIL"` - `dateEnd: optional array of string` End of the date range (inclusive). - `dateRange: optional array of string` Filters results by date range. For example, use `7d` and `7dcontrol` to compare this week with the previous week. Use this parameter or set specific start and end dates (`dateStart` and `dateEnd` parameters). - `dateStart: optional array of string` Start of the date range. - `dkim: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DKIM (DomainKeys Identified Mail) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `dmarc: optional array of "PASS" or "NONE" or "FAIL"` Filters results by DMARC (Domain-based Message Authentication, Reporting and Conformance) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `format: optional "JSON" or "CSV"` Format in which results will be returned. - `"JSON"` - `"CSV"` - `limit: optional number` Limits the number of objects returned in the response. - `name: optional array of string` Array of names used to label the series in the response. - `spf: optional array of "PASS" or "NONE" or "FAIL"` Filters results by SPF (Sender Policy Framework) validation status. - `"PASS"` - `"NONE"` - `"FAIL"` - `tldCategory: optional "CLASSIC" or "COUNTRY"` Filters results by TLD category. - `"CLASSIC"` - `"COUNTRY"` - `tlsVersion: optional array of "TLSv1_0" or "TLSv1_1" or "TLSv1_2" or "TLSv1_3"` Filters results by TLS version. - `"TLSv1_0"` - `"TLSv1_1"` - `"TLSv1_2"` - `"TLSv1_3"` ### Returns - `result: object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string. - `success: boolean` ### Example ```http curl https://api.cloudflare.com/client/v4/radar/email/security/top/tlds/spoof/$SPOOF \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "result": { "meta": { "confidenceInfo": { "annotations": [ { "dataSource": "ALL", "description": "Cable cut in Tonga", "endDate": "2019-12-27T18:11:19.117Z", "eventType": "EVENT", "isInstantaneous": true, "linkedUrl": "https://example.com", "startDate": "2019-12-27T18:11:19.117Z", "tags": [ "BOT_CLASS" ] } ], "level": 0 }, "dateRange": [ { "endTime": "2022-09-17T10:22:57.555Z", "startTime": "2022-09-16T10:22:57.555Z" } ], "lastUpdated": "2019-12-27T18:11:19.117Z", "normalization": "PERCENTAGE", "units": [ { "name": "*", "value": "requests" } ] }, "top_0": [ { "name": "com.", "value": "10" } ] }, "success": true } ``` ## Domain Types ### Spoof Get Response - `SpoofGetResponse object { meta, top_0 }` - `meta: object { confidenceInfo, dateRange, lastUpdated, 2 more }` Metadata for the results. - `confidenceInfo: object { annotations, level }` - `annotations: array of object { dataSource, description, endDate, 5 more }` - `dataSource: "ALL" or "AI_BOTS" or "AI_GATEWAY" or 22 more` Data source for annotations. - `"ALL"` - `"AI_BOTS"` - `"AI_GATEWAY"` - `"BGP"` - `"BOTS"` - `"CONNECTION_ANOMALY"` - `"CT"` - `"DNS"` - `"DNS_MAGNITUDE"` - `"DNS_AS112"` - `"DOS"` - `"EMAIL_ROUTING"` - `"EMAIL_SECURITY"` - `"FW"` - `"FW_PG"` - `"HTTP"` - `"HTTP_CONTROL"` - `"HTTP_CRAWLER_REFERER"` - `"HTTP_ORIGINS"` - `"IQI"` - `"LEAKED_CREDENTIALS"` - `"NET"` - `"ROBOTS_TXT"` - `"SPEED"` - `"WORKERS_AI"` - `description: string` - `endDate: string` - `eventType: "EVENT" or "GENERAL" or "OUTAGE" or 3 more` Event type for annotations. - `"EVENT"` - `"GENERAL"` - `"OUTAGE"` - `"PARTIAL_PROJECTION"` - `"PIPELINE"` - `"TRAFFIC_ANOMALY"` - `isInstantaneous: boolean` Whether event is a single point in time or a time range. - `linkedUrl: string` - `startDate: string` - `tags: optional array of string` - `level: number` Provides an indication of how much confidence Cloudflare has in the data. - `dateRange: array of object { endTime, startTime }` - `endTime: string` Adjusted end of date range. - `startTime: string` Adjusted start of date range. - `lastUpdated: string` Timestamp of the last dataset update. - `normalization: "PERCENTAGE" or "MIN0_MAX" or "MIN_MAX" or 5 more` Normalization method applied to the results. Refer to [Normalization methods](https://developers.cloudflare.com/radar/concepts/normalization/). - `"PERCENTAGE"` - `"MIN0_MAX"` - `"MIN_MAX"` - `"RAW_VALUES"` - `"PERCENTAGE_CHANGE"` - `"ROLLING_AVERAGE"` - `"OVERLAPPED_PERCENTAGE"` - `"RATIO"` - `units: array of object { name, value }` Measurement units for the results. - `name: string` - `value: string` - `top_0: array of object { name, value }` - `name: string` - `value: string` A numeric string.