I experienced this first hand in 2014. We got to a point where drive-by exploit kits just weren’t shipping IE8, Java 6 or Windows XP payloads anymore.