For phishing to be successful, it is necessary to instill confidence and appear legitimate in the eyes of the potential victim, especially when mimicking a known brand. To achieve this, attackers employ various obfuscation techniques. Some are aimed to bypass existing technical (software) protections; others are aimed against the targeted victim (person). On the side of prevention, these techniques are seen as a clear sign of phishing, and many detection algorithms use these characteristics to decide whether to show or block the given webpage. Analysis conducted on 15 years of phishing data (2009-2023) collected from PhishTank and PhishStats websites focused on the prevalence and trends of various obfuscation techniques. These figures would allow validation and weighting of the relevancy of these indicators in phishing web page detection throughout the covered period and also provide a future baseline for creating a robust phishing dataset. Analysis steps required collecting and consolidating the phishing URL data. Due to the nature of the phishing data collection and their potential overlap, it was necessary to cleanse and filter out incorrect and duplicate records. The analysis’s core part summarizes the selected techniques’ prevalence and highlights notable observations. A noteworthy finding is that they occur rarely despite being a powerful indicator of phishing. Any of the techniques reviewed is present in less than ≈3% of the phishing URLs across the entire 15-year period. The most common techniques (in order of prevalence) are the - use of IP addresses, URL shorteners, ports, and Punycode. The remaining ones are extremely rare, with single or maximum double-digit occurrences.