The "commercial" domains claimed by USA (erroneously) as theirs (ie com/net/org) are public from registration. Terribly bad domain name system all round.
Other domains (eg UK) are more difficult to discover as they have to be registered in DNS as well. I've registered UK domains and never recceived a bot attempt on briefly DNS's test sites. But com is open season.
However, once in DNS it can be found if DNS is scanned.
I really wish there were some way to ONLY get robots by invitation.
One has to view G's approach in the area of malware promoters in a sceptical light:
"Google (enacted) some forceful policy changes recently that prohibit developers from sending users who download apps from Google Play off the marketplace for updates. The Google policy change states that any app downloaded from Google Play may not modify, replace or update its Android Application File (APK) binary code using an update method other than Google’s."
Optimistic to say the least! :)