How not?
If an LXC container is in a btrfs subvolume or in a ZFS dataset (those are created easily, like a directory; it’s not a partition), you can do a full 1:1 copy in less than one second via a snapshot, keeping all the system files, database, version and configs.
But your endpoints are already available to everyone with just an nslookup.
Maybe it’s more the permanent history of that, so if you run something like “radarr.example.com” then you wouldn’t have plausible deniability if you’re sued and the CT logs are presented as proof of your wrongdoing.