SENTINEL // OPEN INTEL
◤ Cyber and spectrum

Cyber, spectrum, and routing

The cyber surface aggregates four public-source signal streams that reshape the operating picture in real time but do not fit cleanly under conflict or weather: BGP route leaks and origin hijacks from Cloudflare Radar, OONI per-country censorship measurement, MISP threat-actor presence by country, and the GPS jamming and spoofing layer rendered live on the globe.

OONI censorship leaderboard

Top countries by 30-day anomaly rate

The Open Observatory of Network Interference is a global volunteer measurement network that tests for blocked websites, throttled services, deep-packet-inspection events, and middlebox interference. The list below ranks countries by their 30-day anomaly rate (the share of probes that returned an anomalous response). Click into any country for the full per-app and per-category breakdown.

BGP route leaks and hijacks

Snapshot 9h ago

BGP leaks happen when an autonomous system announces routes it should not have advertised; hijacks are claims of address space owned by another network. Both result in traffic redirection on the underlying internet. SENTINEL surfaces leaks and hijacks tracked by Cloudflare Radar.

20
Recent leaks
20
Recent hijacks
5
Top originating ASNs
94
Update samples (24h)
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
leak·
Leak by AS? ·
hijack·10h ago·196.242.77.0/24
Hijack by AS58065 · 196.242.77.0/24
AS58065 (Orion Network Limited) [GB]
hijack·10h ago·218.240.176.0/22
Hijack by AS23724 · 218.240.176.0/22
AS23724 (IDC, China Telecommunications Corporation) [CN]
hijack·11h ago·91.199.139.0/24
Hijack by AS50165 · 91.199.139.0/24
AS50165 (Municipal Enterprise Slavutych-Teplomerezhi of Slavutych City Council of Vyshhorod District of Kyiv Region) [UA]
hijack·11h ago·2402:7d80:240::/48
Hijack by AS24348 · 2402:7d80:240::/48
AS24348 (CERNET2 IX at Tsinghua University) [CN]
hijack·11h ago·95.85.82.0/24
Hijack by AS12389 · 95.85.82.0/24
AS12389 (PJSC Rostelecom) [RU]
hijack·11h ago·77.90.177.0/24
Hijack by AS62240 · 77.90.177.0/24
AS62240 (Clouvider Limited) [GB]
hijack·12h ago·185.135.18.0/24
Hijack by AS28889 · 185.135.18.0/24
AS28889 (LinzNet Internet Service Provider GmbH) [AT]
hijack·12h ago·2a0c:8f40::/29
Hijack by AS5403 · 2a0c:8f40::/29
AS5403 (APA-IT Informations Technologie G.m.b.H) [AT]
hijack·12h ago·162.18.71.0/24
Hijack by AS17025 · 162.18.71.0/24
AS17025 (Zayo Bandwidth) [US]
hijack·13h ago·105.234.150.0/24
Hijack by AS37616 · 105.234.150.0/24
AS37616 (Airtel Gabon S.A) [GA]
hijack·13h ago·93.125.70.0/24
Hijack by AS210532 · 93.125.70.0/24
AS210532 (hueNET llc) [US]
hijack·13h ago·114.79.32.0/24
Hijack by AS133798 · 114.79.32.0/24
AS133798 (PT. Smartfren Telecom, Tbk) [ID]
hijack·14h ago·156.239.20.0/24
Hijack by AS5065 · 156.239.20.0/24
AS5065 (Bunny Communications) [US]
hijack·14h ago·202.157.94.0/24
Hijack by AS45820 · 202.157.94.0/24
AS45820 (TTSL-ISP DIVISION) [IN]
hijack·15h ago·193.177.160.0/23
Hijack by AS39700 · 193.177.160.0/23
AS39700 (Signet B.V.) [NL]
hijack·15h ago·216.177.129.0/24
Hijack by AS31898 · 216.177.129.0/24
AS31898 (Oracle Corporation) [US]
hijack·16h ago·202.152.224.0/24
Hijack by AS24203 · 202.152.224.0/24
AS24203 (PT XL Axiata Tbk) [ID]
hijack·17h ago·181.224.57.0/24
Hijack by AS272460 · 181.224.57.0/24
AS272460 (Ms Fibra Ltda) [BR]
hijack·17h ago·85.112.118.0/24
Hijack by AS50384 · 85.112.118.0/24
AS50384 (iHome LLC) [RU]
hijack·17h ago·91.217.166.0/24
Hijack by AS3920 · 91.217.166.0/24
AS3920 (ESTOXY OU) [EE]
10 of 40

Threat actors by country

458 groups across 35 countries

The MISP galaxy taxonomy catalogues named threat actors (APT groups, financially motivated criminal groups, hacktivist collectives) by attributed sponsor country. Click into any country to see its full per-actor table on the dossier page.

Sample groups attributed to China
  • 1937CN
  • Amaranth-Dragon
  • Antlion
  • Aoqin Dragon
  • APT.3102
  • APT1
  • APT10
  • APT12
  • APT14
  • APT15
  • APT16
  • APT17
  • APT18
  • APT19

GPS jamming and spoofing

GPS jamming is rendered live as a hex-bin heatmap on the globe; spoofing surfaces as discrete events on the patterns rail. Both feeds are too high-resolution to enumerate here usefully, but the categorical state across the major flashpoints is steady: persistent interference around Russia, Iran, the Eastern Mediterranean, and Israel, with intermittent step-changes around active strike windows.

The spoof classifier looks for the spurious-position signature where multiple aircraft simultaneously report a fix at the same impossible coordinate. Receiver-handoff false positives in mid-Atlantic and mid-Pacific coverage gaps are filtered.

Open jamming layer →Spoof events on the rail →

See it live

The cyber tab on the live globe carries the four data feeds above with full per-country drill-down, BGP timeseries graphs, OONI 30-day anomaly trends, and a threat-actor table. The country panel on each country page (axonia.us/<iso>) summarises the same data per-country.

Open the live globe →Cyber topic explainer →