I received a mysterious, urgently worded text message 11/3/2017:
*********BEGIN MSG
JP.CHASE. Update ID#Cje03fa# Security update requested!
Review your account: www.chaseofficesa.gq [SLASH] cJTO [SLASH] wTSICMu.mob
*********END MSG
I replaced the forward slashes in the message text with [SLASH] to prevent click-throughs, even though this URL scans as clean on VirusTotal.
I entered the base web address www.chaseofficesa.gq which redirected to
http://www.chaseofficesa.gq/dashboard/
a "Welcome to XAMPP" web page nearly identical to an (apparently) legitimate page
http://robot.iecs.fcu.edu.tw/dashboard/
for Feng Chia University in Taiwan
except the links at the top of the chaseofficesa page ("Applications", "FAQs", etc.) are dead links that lead to DNS lookup error pages.
In fact, ALL attempts to look up chaseofficesa.gq led nowhere until I looked up "ccTLD" ("country code top-level domain") on Wikipedia and saw that the Equatorial Guinea top-level domain can be used freely. I looked into free domain services and used Freenom's WHOIS Lookup
http://whois.freenom.com/cgi-bin/whois
to learn that
"CHASEOFFICESA.GQ
"Your selected domain name is a domain name that has been cancelled, suspended, refused or reserved at the Registry. It may be available for re-registration at http://www.freenom.com.
"In the interim, the rights for this domain have been automatically transferred to:
Freedom Registry, Inc.
2225 East Bayshore Road #290
Palo Alto CA 94303
United States
Phone: +1 650-681-4172
Fax: +1 650-681-4173
E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com"
Finally, I used tracert in an Administrative Command Prompt, which gave the IP address for chaseofficesa.gq as 198.105.254.104.
The WHOIS lookup for 198.105.254.104 led to Search Guide Inc, *another* shell according to a DSLReports forum post
http://www.dslreports.com/forum/r28918321-What-are-your-DNS-Servers
"For those of you wondering who's actually getting your data:
WOW sends all the hijacking data to "Search Guide Inc." Some of the traffic goes to Highwinds, but Highwinds is just providing a CDN. 'Search Guide Inc' doesn't exist on the internet - they have a domain but no website whatsoever."
So I give up. How and why a questionable text message led to Apache Friends is a question that is consuming too much of my personal time, so all I can do is report this here and cc Freenom.
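
One way to check whether an address such as 198.105.254.104 is a record of the domain itself or was supplied by the resolver in place of a "no such domain" answer, which is worth ruling out when the registry lists the name as cancelled or suspended. This is an added example, not part of the original post; `system_resolve`, `random_names` and `classify` are hypothetical names and the probe names are constructed at random.

```python
import secrets
import socket


def system_resolve(name):
    """IPv4 addresses the local resolver returns for name; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}


def random_names(suffix, count):
    """Constructed probe names: random labels that nobody should have registered."""
    return [f"probe-{secrets.token_hex(10)}.{suffix}" for _ in range(count)]


def classify(suspect, resolver=system_resolve, count=3):
    """Return (verdict, suspect_ips) for a suspect domain name."""
    suspect_ips = set(resolver(suspect))
    if not suspect_ips:
        return "no-answer", suspect_ips
    # .invalid is reserved (RFC 6761) and must never resolve, so any answer
    # for it was made up by the resolver in place of NXDOMAIN.
    reserved_ips = set()
    for name in random_names("invalid", count):
        reserved_ips |= set(resolver(name))
    if suspect_ips & reserved_ips:
        return "resolver-substituted", suspect_ips
    # Random siblings under the same TLD: a shared answer means a wildcard
    # for that TLD, not a record that belongs to this domain.
    tld = suspect.rstrip(".").rsplit(".", 1)[-1]
    sibling_ips = set()
    for name in random_names(tld, count):
        sibling_ips |= set(resolver(name))
    if suspect_ips & sibling_ips:
        return "tld-wildcard", suspect_ips
    return "own-record", suspect_ips


if __name__ == "__main__":
    # Uses the machine's configured DNS; results depend on that resolver.
    print(classify("chaseofficesa.gq"))
```

A "resolver-substituted" verdict means the WHOIS owner of the returned address describes the DNS provider's redirect host, not whoever sent the text message.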