The number of times a domain ownership get turned over to the police are not that common. For malware it is much more common to just remove the registration than to keep it registered for all eternity. There are a few different procedures used for malicious registrations (got to be careful with cnc), but the absolute most common seems to be to just put the domain on hold and then remove the registration after a short period. 99.9% (likely a few more 9s) are handled like that voluntarily by the registry and also by some registrars, which mean it does not involve the courts. The number of cases where it does goes the full length to court, a guilty verdict is reached, and the ownership of a malicious domain is decided to be given over to the police are very few.