It takes less than a weekend for a blocked website to reinvent itself and go after the same target audience.After a domain name closed a website because of a potential scam, the website popped up again. A search of the latest iteration of the questionable website connects the originators of the site to several international scams, ranging from a fake investment scheme to a romance scam.In our article, Gone phishing: Business owner almost scammed by fake government tender, amaBhungane reported how the website sanetexhygiene.co.za was closed after a businesswoman reported it to its domain registry.A domain search showed that the "co.za" website was last updated on 17 April, 2020, and the website host removed the site before 20 April.However, by 18 April, a new site was formed: sanetexhygiene.com. The latest site had all the trappings of the former site – the same appearance, wording, telephone numbers and industrial sanitiser machine for sale. nullnull nullnull The DX610M sanitiser machine – put out for tender via a bogus health department request for quotation – does not exist beyond these two South African websites. The websites had, in effect, renamed and repackaged the US-based Protexus Electrostatic Sprayer which, when used with Purtabs disinfecting tablet, meets Environmental Protection Agency criteria for use against SARS-CoV-2, the virus that causes Covid-19.nullnull Perhaps to remove suspicion that the two websites share the same creators, minor changes were made on the new website to differentiate it from the older one. The difference between the "co.za" and ".com" was the new domain name, which led to the establishment of a new email address and a new physical address. A Google Maps search showed the original "co.za" site as being located in a warehouse in Cape Town, with the new site located in an industrial area in George.The other scamsTo connect the dots between this scam and others, amaBhungane used the information it had from a web domain search for both companies, which included a location and an international Panama-based number.This is what we found:On 13 November, 2019, Scampolice Group, a website which exposes so-called 419 scams, reported how one George Ryg Wilson (also known as Scales Wilson) masqueraded as a US military veteran and targeted women through Facebook, using a parcel delivery scam. The scam saw Wilson contact women and ask them to fork out hundreds of euros in customs fees for parcels he was meant to receive. The parcels were allegedly expensively packaged and required special regulation fees such as VAT and "synthetic fees".For the parcel to be released, the women would be required to send money to Efosa Lincoln Amadin via Madrid-based Liberbank SA.What links the sale of sanitiser machines in South Africa to the romance scam in the US is a cellphone number, +507.8365503, used to create the websites.The same telephone number is connected to a porn site, Hot Movs, based in Belize, Central America, and to a scam targeting the clients of financial institution Wells Fargo through the company afktpp.com.Along with LatinMail, Helpwyz, Deana Labilliere and Angellist, these sites have a phone number, a location and a domain registry in common. However, further investigation will be needed to link the scams definitively. The amaBhungane Centre for Investigative Journalism, an independent non-profit, produced this story. Like it? Be an amaB supporter, sign up for its newsletter or visit amaBhungane.org.