by gen3 1224 days ago
You have to know where something is to seize it. Operations over international lines are hard to do. They likely have a series of bouncers/reverse proxies before the "main" back infrastructure. It is also likely that they rotate their bouncers regularly, different datacenters, countries, etc.

Don't the proxies just point back to the main infrastructure? How do the site operators deal with bandwidth usage and QoS and all the edge VPS/proxies?
Generally, something like an nginx reverse proxy is pretty performant. The opsec gains come by rotating the infrastructure you run on. If you had something like an ingress -> middle -> backend, and then regularly changed hosts, by the time someone is able to get a court order to seize the ingress, you've already moved on and they need to start the process over.

In terms of system hardening, since the outer machines are almost bare, they are hard to hack. Attempting to attack the backend server isn't easy either (assuming the webadmin knows what they are doing: things like blocking outgoing traffic and configuring the system to not leak the backend server's IP).