SIMON Intelligence + Telemetry

One page that shows the product vision and also proves the system is working: it reads your real NDJSON logs (403/404/500), surfaces repeat IP activity, shows top paths, and provides evidence rows with RID so you can investigate precisely.

UAP-5W1H Memory RID Evidence NDJSON Local Logs Anomaly Flags Safe Mode Ready
Window: Last 24 hours • RID: c4c9489713afd50f • Reads: /_logs/403.ndjson /_logs/404.ndjson /_logs/500.ndjson
System Visual MISSING: /system-visual.html
3D Visual not found.

Create /system-visual.html (Three.js) or change the iframe src.

Live System Stats (Last 24 hours)

Total Events
Count3
All parsed events within the selected window (403/404/500 + page views if present).
Security Codes
4030
4040
5000
These should map directly to your SIMON error pages and .htaccess blocks.
Top Paths
/downloads/2.php3
Top IPs
3.214.176.441
2a03:2880:f812:2f::1
216.73.216.541
Top 403 Reasons No reason fields found (depends on your 403.php logger fields). If you see restricted_area or probe_hidden_dotfile repeatedly, that is scanning/probing.
Anomaly Flags No anomalies flagged in this window. These are simple heuristics; they become stronger once UAP memory is fully enforced.

Operational Interpretation (What the Stats Mean)

Inside vs Outside (Best-Effort) If IP rotates across IPv6 ranges or appears as data-center blocks frequently, that’s typical internet scanning. Internal requests usually show local/private ranges (10.*, 192.168.*, 172.16-31.*) — which you currently are not seeing. Your recent examples (public IPs + IPv6 blocks) indicate external probing.
What You Still Need for “Proof” Add these fields to the NDJSON events wherever possible: server_addr, xff, cf_ray, asn (if available), plus a derived flag: is_internal (true if private ranges). Then SIMON can score likelihood: internal vs external.
Why Your Tools Unlock Fails Your /tools/.htaccess currently denies by default and only allows site_map.php. Anything like site_map_summary.php is blocked unless explicitly allowed in the unlocked clause. You need a whitelist list of allowed tool files when unlocked.

System Map (Concept + Build Steps)

Layer 1 — Public Shell index.php provides stable header/footer/menu and loads “canvas” pages generated by Web360. Public pages never expose raw logs; they only render safe dashboards.
Layer 2 — Gate (Apache + ErrorDocs) .htaccess routes error codes to SIMON pages (403/404/500) which log NDJSON with RID. This layer converts attacks and failures into structured memory.
Layer 3 — Core Memory (UAP 5W1H) NDJSON is the “truth ledger.” Future: write UAP events (who/what/when/where/why/how) for every incident, plus “fix applied” events, so SIMON learns and prevents repeats.
Layer 4 — Safe Mode (Hard Lock) A “locked skeleton site” that can be served even if everything else fails. Optionally a zip-based offline canvas that can be unpacked and served instantly.

Evidence Mode (Last 30 events in window)

view 2026-07-14 05:17:48 UTC
Path /downloads/2.php
IP 216.73.216.54
RID c4c9489713afd50f
UA Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
view 2026-07-13 15:38:57 UTC
Path /downloads/2.php
IP 2a03:2880:f812:2f::
RID 74728677899894ea
UA Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 (compatible; meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler))
view 2026-07-13 07:20:11 UTC
Path /downloads/2.php
IP 3.214.176.44
RID 746df9a9c3ba6282
UA Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36

Docs & Previous Work

Home (Hub) /home/
SIMON AI /simon_ai/
Web360 /web360/
Infinity /infinity/
403 Page (SIMON) /403.php
404 Page (SIMON) /404.php
500 Page (SIMON) /500.php
Tools: Site Map /tools/site_map.php
3D System Visual /system-visual.html