
But this site would not be running a botnet. It would only be accepting data that others willfully send its way. If this is illegal, then I can shut down any site by sending my private data to it.

Of course actually doing anything with the received private data might be illegal, but that would be harder to track. How would the owner of a misconfigured network ever figure out how their data got "hacked"; whether the owner of corp.com did something or nothing with it?

Hence ancestor's use of "ethically" rather than "legally".



> It would only be accepting data that others willfully send its way.

Human knowledge and intent matter in legal matters. If a technology is accidentally misconfigured to send sensitive data to a third party, and that third party knows that the data they are receiving was not intended for them, then they are still responsible for not willfully misusing that data. That's clearly the case with corp.com.

> If this is illegal, then I can shut down any site by sending my private data to it.

No, if you knowingly choose to send your data somewhere, then you can't turn around and blame the people receiving your data. Again: human knowledge and intent matter for the law.

As an example, a charge of trespassing depends on permission (human knowledge and intent), not whether you leave your gate open (how a system is configured).


You seem to be trying to contradict that it is legal to own corp.com, but actually you are saying that misusing collected data is illegal, which I never denied.

The point is that it would be hard-to-impossible to go after someone who owns corp.com even if they use it for nefarious purposes because the actual nefarious action would be so hard to discover or prove.

Besides which, the bad actor here could easily live somewhere without an extradition treaty to the US or simply remain pseudo-anonymous (via shell companies, bitcoin, etc.). So, it would be possible for an unethical owner of corp.com to find a buyer who intends to use it for ill.


Don't the issues of intent only come up after some legal kerfuffle? What law-breaking event would cause an investigation here?


As shawnz hinted at, there is a protocol dance that happens before the data is sent over. I don't know exactly what it consists of, but I suspect it's more than just TCP-level responses saying the port is open and ready to receive.

Playing along in that dance is arguably unethical and shows intent.



