TOKYO (MacHouse) – A cyber scum group possibly from China sent out a spam message with a title ‘Luxury’ some 8 hours ago. (See Screenshot 01.) Sender’s e-amil address is tello@qea.com. The spam message is obviously sent out to advertise a website, which is located at http://qautey.com. It appears to be an online store selling small items like accessories and watches. You want them? Oh, no… Don’t fall a victim to scam.
 Screenshot 01 – Source: MacHouse |
 Screenshot 02 – Source: MacHouse |
 Screenshot 03 – Source: qea.com |
So the spam message implies that sender’s address is tello@qea.com. But that’s unlikely to be the source. Looking at the source code of the message, the header is obviously manipulated. (See Screenshot 02.) The IP address of 68.119.201.65 appears frequently. This IP address belongs to Charter Communications (charter.com). Its data center is probably located in St. Louis, Missouri. If that’s the case, then the time zone should be U.S. Central (-05:00).
Quality Engineering Associates, Inc. has its website at qea.com. (See Screenshot 03.) This domain name appears frequently as well. The IP location of the website is 69.36.180.246. The website is hosted by West Host. (See Screenshot 04.) And their data center is located in Providence, Utah. So its time zone should be U.S. Mountain time (-06:00).
And the header indicates the message came through mxlogiccmx.net. The IP location of the website hosted at this domain is 208.65.150.132. Interestingly, it’s run by a company offering anti-spam security services. (Screenshot 05 shows the index page of MX Logic, Inc’s website.) If mxlogiccmx.net were the correct source of the spam message, the time zone would be U.S. Mountain.
 Screenshot 04 – Source: WestHost |
 Screenshot 05 – Source: mxlogicmx.com |
 Screenshot 06 – Source: qautey.com |
If you click on the hyper link in the spam message that says ‘Visit our shop,’ you will be directed to the website located at http://qautey.com. (See Screenshot 06.) If you look up this domain, you will find that it’s registered through Xin Net Technology Corporation. (See Screenshot 07.) It’s a registrar supporting Chinese cyber crime organizations.
So what will happen if you make a purchase at this website? If you proceed to its checkout page, you may see something familiar. We’ve gone over this fake checkout page many times. This so-called ’100% SECURE’ page has no security layer. (See Screenshot 08.) And the certificate labels have no underlying links to the websites of the issuers. In other words, it’s nothing but a fake checkout page to steal credit card information.
 Screenshot 07 – Source: Domain Tools |
 Screenshot 08 – Source: qautey.com |
 Screenshot 09 – Source: qautey.com |
By the way, the IP location of the website at qautey.com is 125.46.41.73. The network company is ChinaNet Henan Province Network. So this scam website is hosted in China.
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
Update: June 7, 2008
The same fake replica websites can now be found at
Two weeks ago I purchased four items from the King Replic website – I obviously didn’t realised this was a fake website. I assume I will never receive my goods??? Also, what do I do now??? Do I cancel my credit card in case these thieves try to use it again? I can’t believe I was so stupid! Please advise ASAP as I am really worried now.
Thanks so so much for your help.
Kindest Regards,
Edwina
I’m sorry to say it, but if you haven’t received your order after 2 weeks, I’m afraid you have been scammed.
>Do I cancel my credit card
I would.
The only way of your getting money back is to talk to the credit card company, I suppose. You may also want to search the Internet to find if there’s any EU agency equivalent to Federal Trade Commission so that you can file a complaint.