Reporting of malicious domains by law enforcement is down, but phishing still on the rise

29th February 2024

OXFORD, UK – 29th February 2024: Nominet, the guardian of the .UK domain since 1996, has today released its annual update on .UK domains suspended for criminal activity over the 12 months to 31 October 2023.

When alerted by law enforcement agencies, Nominet works quickly with our registrars to suspend domains in accordance with our Criminal Practices Policy. For another year in a row, domains suspended for criminal activity are at the lowest since we started tracking.

In 2023, 1,193 domains were suspended through Nominet’s joint efforts with law enforcement, down from 2,106 in 2022. This downward trend could suggest criminals are choosing other TLDs, as the .UK namespace is known to be hostile to illegal activities.

Meanwhile, domains suspended by Nominet’s proprietary machine learning tool – Domain Watch – are increasing. Domain Watch is an anti-phishing initiative that identifies potentially malicious domains at point of registration. It puts these on hold while Nominet’s in-house compliance team works with the registrant and registrar to determine if they are for legitimate use. In 2023, 5,911 domains were suspended through Domain Watch, up from 5,005 in 2022. As updates are made the Domain Watch model, it catches more and more attempts at registering malicious domains.

Key stats:

  • Last year, Nominet expanded efforts to tackle abuse in .UK to include existing domain registrations that appear on threat feeds. The success of this tactic continues, as 2,230 were suspended in 2023 using this third-party data, up from 1,108 in 2022.
  • Police Intellectual Property Crime Unit (PIPCU) ranks at the top for number of suspensions by reporting agency at 717. It is followed by the National Fraud Intelligence Bureau (NFIB) at 321, then by the Financial Conduct Authority (FCA) at 116.
  • Nominet prohibits the registration of domain names that promote or incite serious sexual offences (where there is no reasonable or legitimate use for that domain). While 1,058 potential breaches were flagged, no domains were suspended.

Eleanor Bradley, Managing Director of Registry and Social Impact, Nominet, commented: “Our approach to tackling criminality in the .UK namespace continues to get results. It’s positive to see criminal activity, as reported by law enforcement, is down, while Domain Watch remains a valuable tool because it prevents domains with malicious intent entering the .UK namespace in the first place.  We’re extremely proud of the hard work of our people and our partners in keeping the .UK domain as safe and secure as it can be.”


Nominet is a public benefit company, driven by a commitment to use technology to improve connectivity, security and inclusivity online. Since 1996, Nominet has run the .UK internet infrastructure, developing an expertise in the Domain Name System (DNS) that now underpins sophisticated threat monitoring, detection, prevention, and analytics that is used by governments to mitigate cyber threats. Our social impact programme provides funding, support and opportunities to help tackle some of the most important digital issues facing young people in the UK today.

Learn more on

To understand more about Nominet’s collaboration with UK law enforcement, read our Criminal Practices Policy, available at