Course assignment. This application is work for the capstone Software Engineering course in the Computer Science program at the University of Wisconsin–Green Bay. It is submitted in partial fulfillment of that course’s project requirements, under the guidance of Dr. Ahsan (advisor).
About the course
The Software Engineering capstone is a team-based experience focused on the full lifecycle of a real software product: scoping and proposal, architecture and technology choices, implementation, quality practices, and deployment—much like you would see on a small professional project. Students coordinate roles, integrate components (here, a data pipeline, APIs, hosting, and a map UI), and document assumptions, risks, and outcomes.
Our team’s project is known in documentation as Phish N’ Heat; this site, ShowMeTheVillain, is the interactive map and public-facing piece of that work.
ShowMeTheVillain
Global phishing threat map — visualize reported phishing-related activity by geography, with filters for threat level, target, country, and ISP.
Team
- Bryon Cobb — GitHub repo management, hosting, software architecture
- Thomas Lovesee — Python backend, database management, SQL and queries
- Ethan Christman — API handling and parsing, data types for the database
- Matthew Kabat — networking assistance, front-end integration
What this project is
We are building an interactive view of phishing activity so you can see where reported threats cluster and how intense they are. The original proposal framed this as a heat map of digital attackers by geography over a multi-year window, combining threat level and context (target brand, country, ISP) with a readable map for analysts, data brokers, and reporters who need a quick sense of problematic regions.
This site is the map experience: a density map with filters for threat level, target company, country, and ISP. Points load once, then filters apply in the browser so you can explore without hammering upstream services.
How it works
Incident data ultimately traces to PhishStats (public phishing telemetry). Depending on deployment,
the map page reads JSON from either the FastAPI backend (cached PhishStats pipeline) or a
Cloudflare Worker backed by D1 when the app is hosted on Pages — controlled by the
api-base and data-source meta tags on index.html.
The visible map is built with Plotly (densitymapbox) for a lightweight, static-friendly
front end; the course write-up also described a React-based UI path for richer dashboards. Same mission: make harmful
links and their geography easier to reason about.
Constraints we planned for
- API rate limits — PhishStats free tier is generous but capped (on the order of calls per minute), so caching, batching, and bounded queries matter.
- Hosting — Cloudflare Workers, D1, and Pages were new to much of the team; we validated that the stack could serve interactive reads reliably.