Phishing Activity: Key Statistics Quarter over Quarter comparison: February 1, 2026 - April 30, 2026
Each reporting period, we analyze URLs, domain names, and IP addresses reported for phishing. We use these and other metadata — domain and IP address registration data, ICANN registry and registrar monthly reports, routing data, attack type, and other indicators — to report key statistics for each reporting period.
A comparison of key statistics for the periods November 1, 2025 - January 31, 2026 and February 1, 2026 - April 30, 2026 appears in the table below.
| Measurement | November to January 2026 | February to April 2026 | ChangeinMeasurement |
|---|---|---|---|
| Total number of phishing reports collected from feeds (per quarter) | 1,861,264 | 1,536,540 | -324,724 |
| Phishing attacks reported | 1,206,064 | 1,028,332 | -177,732 |
| Unique domain names reported for phishing | 867,685 | 732,837 | -134,848 |
| Maliciously registered domains reported for phishing | 559,618 | 588,102 | 28,484 |
| Top-level Domains (TLDs) where we observed phishing | 726 | 639 | -87 |
| gTLD Registrars that had domains under management reported for phishing | 1,775 | 1,452 | -323 |
| All Registrars that had domains under management reported for phishing | 2,496 | 2,158 | -338 |
| Hosting Networks (ASNs) where phishing web sites were reported | 2,530 | 2,430 | -100 |
| Brands targeted in phishing attacks | 1,741 | 1,610 | -131 |
| Number of phishing attacks using a subdomain reseller | 163,341 | 95,769 | -67,572 |
| Quarterly Update: Key Statistics |
|||
| Quarter over Quarter: Key Statistics |
Quarter over Quarter: Top Level Domains |
Quarter over Quarter: Registrars |
Quarter over Quarter: Hosting Networks |