Anonymous demo report

What a HumanSurface assessment can return

This demo shows the shape of an assessment output: public exposure, potentially exposed contacts, visible technologies, leak signals, AI-assisted impersonation risk, and operational priorities.

All data on this page is synthetic and anonymous. It does not describe a real company and does not imply complete dark web coverage or guaranteed findings.

Demo risk score

67/100

Medium-high exposure

Demo domain

azienda-demo.example

Demo scope

Public website, indexed pages, contact paths, visible role context

Exposed public surface

Publicly reachable information that can help an attacker understand the organization.

Team and leadership pages with role descriptions.

Contact and supplier pages that reveal operational paths.

Indexed PDFs with process references and document names.

Recruiting pages with HR contacts and hiring context.

Potentially exposed emails

Synthetic examples of contact exposure and predictable address patterns.

info@azienda-demo.example visible on public contact pages.

amministrazione@azienda-demo.example referenced in a demo document.

careers@azienda-demo.example exposed through recruiting pages.

firstname.lastname pattern inferred from public examples.

Visible technologies

Externally visible or inferable technologies that can provide context, without invasive scanning.

CMS and public website framework signals.

Analytics and marketing tags visible in the page source.

Email protection and DNS configuration signals.

Public forms and document download paths.

Dark web / leak signals

Demo-only examples of how exposure signals would be summarized when relevant.

No confirmed credential leak is represented in this demo.

One synthetic mention of the demo domain in a breach-reference source.

No password, secret, or sensitive record is shown.

Signals are classified by priority and validated in the context of the agreed scope.

AI-assisted impersonation risk

How public context could be combined into credible messages or pretexts.

Visible finance and supplier context could support invoice-change pretexts.

Executive role descriptions could help imitate tone, authority, and urgency.

HR context could support fake candidate or attachment-based phishing.

Public information should be separated into business-useful visibility and risk-increasing detail.

Key-role information that may be abused

Public business context that can make targeted social engineering more believable.

Finance ownership and payment process references.

Executive responsibilities and public event participation.

HR recruiting workflows and candidate communication paths.

Operations references to locations, suppliers, and delivery processes.

Leak / dark web signals

This demo section shows how available indicators could be summarized without exposing sensitive data. It does not guarantee that every exposed record can be found.

Demo-only: no real company data, password, secret, or stolen record is represented here.

Example findings

Company email pattern detected in public sources.

Domain / brand references detected in available sources.

Possible credential exposure detected.

Recommended actions

Targeted password reset if the signal is confirmed.

Mandatory MFA for exposed or high-risk accounts.

Reduce exposed personal emails and direct contact paths.

Anti-impersonation procedures for HR and finance teams.

Operational priorities

High

Review direct public exposure of finance and HR email addresses.

High

Introduce verification steps for supplier, payment, and bank-detail change requests.

Medium

Reduce unnecessary role/process detail in indexed documents and public pages.

Medium

Brief executives, finance, HR, and operations on AI-assisted impersonation scenarios.

What to do immediately

Confirm which public contacts must remain visible for business reasons.

Move unnecessary direct emails behind forms or shared monitored inboxes.

Add out-of-band verification for urgent payment or supplier changes.

Review public documents for process, supplier, and role details that are not needed.

HumanSurface

Want this view on your real public exposure?

Start with a short call. We confirm fit and scope before activating the assessment.

Request assessment Read the method