Jumping in as someone with experience of setting up and running web servers, the exploit conspiracy theories don’t completely add up.
Firstly it is relatively trivial to provision new servers/clusters and/or assign new IP addresses. This could be done less than an hour before the sale. Yes, people who actually have the setup and CLI knowledge to interrogate the server can adapt but any pre-shared IPs or files used by the masses would be voided.
Secondly I strongly doubt See would provision servers with a fully wildcard domain name configured, at the very least some sub domains (like Glastonbury) would be excluded via regex, or alternatively every sub domain would be stated explicitly. In other words servers are restricted to certain sites.
Lastly regarding bots, the challenge is there is no time to script and test. Nobody is going to try and code it while the sale is in flight, and all See need to do it change a few HTML elements in the DOM to each year to break your crawler anyway.