on the server, one of the clients had the same redirect exactly there, the
whole thing was in JS files
;document.write(unescape("%3C%73
, described in my blog

Set yourself a User agent of some mobile phone and see the source code of the page.

In addition to the htaccess file, you should search in php files for the following occurrences:
- eval
- base64_decode
- Location
- at the redirect address
In js files, you should also check for a redirect. The date the file was edited does not have to be different from the rest, because. it is not difficult to change it after editing.
In general, it is better to contact a specialist to remove malicious code and search for webshells on your server.

I highly recommend visiting the site from search engines. It doesn't matter which browser. It may also turn out that there is a redirect. And most likely it will turn out that they are already generated by the engine itself without JS.

And in the page itself there are no javascript inserts? Yes, you can change the file modification date.

I asked the author in a personal address of the site, looked. There really is a line at the end of javascript files (all) that starts with:
document.write(unescape(
all these lines must be removed, and the directory where they are located must be closed for writing on behalf of the user under which the web server is running. If the folder was created by FTP - usually it is enough to set the rights to 775.
(and the file modification date is easily faked, so you didn’t look there - but in vain)
And most likely you have a web shell flooded, you can also search for it - download yourself a copy of the site and search in PHP files the following:
eval(
/.*/e
passthru
(these lines can also be found in regular files)
But it's not a fact that you will find all the shells like this, so for reliability it is advisable to delete all files, except for pictures, and reinstall the latest version of Joomla (and all the plugins that you have).
And correctly put down the rights to the folders - in those folders that the web server can write to, you need to prohibit the execution of PHP files:
php_flag engine 0
in the .htaccess file in these directories.

I think you have DLE, I met this ... check the site files for redirects.
If DLE - look in index.php, engine/data.config.php for something with "Location:" - you will find - it will be noticeable that it is someone else's.
the redirect can be in the page header - php gives the header indicating the redirect

Track which page the redirect is originally going to, and then search through all project files with that url.

look at the meta tags

There is such an option.
Because there is a redirect for mobile platforms, then with a high degree of probability the name of the platform will appear in the code. Helped me in a similar situation

grep "android" -r ./