Phishing Activity: Key Statistics
February 1, 2024 - April 30, 2024

We analyzed URLs, domain names, and IP addresses that have been reported for phishing. These and other metadata — e.g., registration data, DNS zone data, attack type and targeted brand — allow us to determine where phishers are acquiring resources for their criminal activities. Indicators of compromise allow us to distinguish hostnames delegated from domains that were purposely registered for phishing campaigns from hostnames assigned to compromised web sites that were delegated from domain names for legitimate purposes.

During this period, we measured phishing reports, phishing attacks, and the number of unique domain names reported for use in phishing attacks. We also measured famous brands that were targeted by phishers.

Measurement Count
Total number of phishing reports collected from feeds this quarter 1,182,534
Phishing attacks reported 693,542
Unique domain names reported for phishing 539,363
Maliciously registered domains reported for phishing 444,669
Top-level Domains (TLDs) where we observed phishing 638
gTLD Registrars that had domains under management reported for phishing 1,506
All Registrars that had domains under management reported for phishing 2,162
Hosting Networks (ASNs) where phishing web sites were reported 2,451
Brands targeted in phishing attacks 1,098
Number of phishing attacks using a subdomain reseller 99,457

Quarterly Update:
Key Statistics
Quarterly Update:
Top Level Domains
Quarterly Update:
Registrars
Quarterly Update:
Hosting Networks
Quarter over Quarter:
Key Statistics