Below is a historical record for the virtualfirefox.com, the Mozilla-owned domain that was used to send bomb threats. Notice how from 2013 to 2017 it resolved to its intended IP address of 74.80.210.168.
Read full news article on Technology Lab – Ars Technica