One page that shows the product vision and also proves the system is working: it reads your real NDJSON logs (403/404/500), surfaces repeat IP activity, shows top paths, and provides evidence rows with RID so you can investigate precisely.
Last 24 hours • RID: c4c9489713afd50f • Reads:
/_logs/403.ndjson /_logs/404.ndjson /_logs/500.ndjson
Create /system-visual.html (Three.js) or change the iframe src.
restricted_area or probe_hidden_dotfile repeatedly, that is scanning/probing.
server_addr, xff, cf_ray, asn (if available),
plus a derived flag: is_internal (true if private ranges).
Then SIMON can score likelihood: internal vs external.
site_map.php.
Anything like site_map_summary.php is blocked unless explicitly allowed in the unlocked clause.
You need a whitelist list of allowed tool files when unlocked.
/home/
/simon_ai/
/web360/
/infinity/
/403.php
/404.php
/500.php
/tools/site_map.php
/system-visual.html