Why would they take the server down when it would just be put up again in a new location and then they would need to trace it again? They would rather passively observe traffic to the server so they would be able to deanonymize clients with correlation attacks.