InternetPerils has an interesting animated gif that shows a “cluster” of phishers.
A phishing message arrives in your mailbox, pretending to be from a bank, or from an etailer such as eBay or Paypal. It directs you to a web page and asks you to enter your password or social security number to verify your identity, but the web page is not one actually associated with the bank; it's on some other server.
InternetPerils has discovered that those phishing servers cluster, that infest ISPs at the same locations for weeks or months.
Here's an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository.
Link here (opens in new tab).