PART 2: I Published a Scam Expose. NetEase Sent a Takedown Request. Then They Rewrote Their Entire Operation.

A forensic follow-up investigation into a suspicious influencer marketing campaign by NetEase's Youdao Ads division. Using standard OSINT tools (dig, whois, curl, openssl), the author documents an 18-day timeline showing: SSL cert issued before the campaign, WHOIS records updated 3 days after the original exposé, the platform going live on the same day a takedown request was sent, and a dramatic shift in outreach email tone that directly addressed every red flag raised in Part 1. The investigation also highlights divergent trust scores between paid and unpaid reputation platforms, behavioral tracking via Microsoft Clarity active before user consent, and the discovery that the platform was originally built for the Chinese market. Key security lessons include: email authentication confirms origin not intent, infrastructure legitimacy doesn't equal operational legitimacy, and trust score platforms have varying business models that affect their reliability.