It could also be that your phone has some sort of MITM or packet sniffing program that is doing an insecure redirect, capturing your intended destination then sending you to it.
Could a captive portal be doing that? How would it capture my request? Maybe DNS intercept that redirects me to some of its servers before doing a redirect?
I don't think I have an app sniffing my phone. It's not rooted and it happens semi-randomly.
I don't think I have an app sniffing my phone. It's not rooted and it happens semi-randomly.