Phishing Mail AppleID

Tags: apple-id, email, security, spam

I got the following phishing email from “Apple”:

Your ApрIe ID ( xxx ) was used to sign in to other device. Date and
Time: 16 August 2017, 04:28 PM (GMT+10) Operating System: Linux

If you have not logged in recently and feel someone is logged in to
your account ,go to ApрIe ID ( Verification your account ) and update
your account.

ApрIe Suρρort

The “Verification your account” text contains a hyperlink to https://t.co/ccFy4cn8jr?=redirect.

When I click that link I get redirected to what looks like the official Apple website. How is this possible? Has the t.co link been adjusted/modified/redirected to protect people from going to the malicious website?

When I submit the HTTP request I receive the following response:

<head>
    <noscript>
        <META http-equiv="refresh" content="0;URL=https://appleld.apple.com.3c8fcfcffe480bc910-verify.info/?adu">
    </noscript>
    <title>https://appleld.apple.com.3c8fcfcffe480bc910-verify.info/?adu</title>
</head>
<script>window.opener = null; location.replace("https:\/\/appleld.apple.com.3c8fcfcffe480bc910-verify.info\/?adu")</script>

Visiting https://appleld.apple.com.3c8fcfcffe480bc910-verify.info/?adu correctly triggers a “Malicious site detected” warning, unlike clicking the original t.co link.

What is happening here? Why does clicking the t.co link take me to the legitimate Apple website, when I should instead be redirected to a phishing website? Is it possible that I have been harmed here by cross-site scripting? Or is it only redirecting to a fake website?

Best Answer

That is not the legitimate Apple ID website. Notice the lowercase l in the URL in place of an uppercase i. Not only that, the actual domain is something-verify.info rather than apple.com.

In this case appleld.apple.com is merely a subdomain, and since anyone can register anything as a subdomain on their own site, they should have kept that i instead of replacing it with an l. The URL might have looked slightly less suspicious.

Report this email as spam/phishing, and if you entered your credentials on that site, immediately head to the real appleid.apple.com and change your password.
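As an added example (not code from the question or the answer), a short Python script that does the checks this thread performs by hand: it pulls the redirect targets out of the quoted t.co response (the meta refresh and the location.replace call), compares each target's registrable domain against the expected apple.com, and lists letters from non-Latin scripts in the email's displayed text. The HTML sample is a constructed copy of the response quoted above; registrable_domain assumes a plain two-label suffix and uses no public-suffix list, so it is an approximation.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed copy of the t.co response quoted in the question (not fetched live).
REDIRECT_HTML = r'''<head><noscript>
<META http-equiv="refresh" content="0;URL=https://appleld.apple.com.3c8fcfcffe480bc910-verify.info/?adu">
</noscript><title>https://appleld.apple.com.3c8fcfcffe480bc910-verify.info/?adu</title></head>
<script>window.opener = null; location.replace("https:\/\/appleld.apple.com.3c8fcfcffe480bc910-verify.info\/?adu")</script>'''

class _MetaRefresh(HTMLParser):
    """Collects the targets of <meta http-equiv="refresh" content="0;URL=..."> tags."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*([^\s;]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1))

def extract_redirect_targets(html):
    """Return every redirect destination: meta refresh plus JS location.replace/assign."""
    p = _MetaRefresh()
    p.feed(html)
    js = re.findall(r'''location\.(?:replace|assign)\(\s*["']([^"']+)["']''', html)
    return p.targets + [u.replace("\\/", "/") for u in js]  # undo the JSON-style "\/" escaping

def registrable_domain(url):
    """Last two host labels (assumption: no public-suffix list, so 'co.uk'-style suffixes are not handled)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def assess_url(url, trusted="apple.com"):
    """Flag hosts that embed a trusted domain as a subdomain while actually belonging to someone else."""
    host = (urlparse(url).hostname or "").lower()
    owner = registrable_domain(url)
    return {"host": host, "registrable_domain": owner, "is_trusted": owner == trusted,
            "impersonates": owner != trusted and trusted in host}

def non_latin_letters(text):
    """Letters from scripts other than Latin, e.g. the Cyrillic er hiding in the email's 'Apple'."""
    return [(c, unicodedata.name(c, "?")) for c in text
            if c.isalpha() and not unicodedata.name(c, "").startswith("LATIN")]

if __name__ == "__main__":
    for u in extract_redirect_targets(REDIRECT_HTML):
        print(u, assess_url(u))
    # Constructed sample: U+0440 (Cyrillic er) and U+03C1 (Greek rho) as in the quoted email.
    print(non_latin_letters("Ap\u0440Ie Su\u03c1\u03c1ort"))
```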