Comment by bigfatkitten

I used to work in the security team at a financial institution that was still running XP until around 2017.

We got to a point around 2015 where drive-by exploit kit developers just weren't targeting XP and IE8 anymore. Phishing landing pages would roll through all the payloads they had and silently exit.