[chooma]

That's what got me as well. They just inject themselves in the middle of my request and expect everything to be fine.

Being this naive as ISP is just astounding. I've seen similar weirdness from socialwifi hotspots here.

[ev1]

To be entirely fair, you are in a Muslim country with heavy internet censorship. I wouldn't really call it naive as it's the nature of TLS (1.2), you can see the hostname but can't inject a page into the middle without blatant warnings. South Korea, etc all do the same thing