Google haciendo cosas de Google. Llevo días volviendome loco con esto, y era CHROME

Chrome 63 (out since December 2017), will force all domains ending on .dev (and .foo) to be redirected to HTTPS via a preloaded HTTP Strict Transport Security (HSTS) header.

Update 07/02/2018: Firefox now also forces .DEV domains to HTTPS.

https://ma.ttias.be/chrome-force-dev-domains-https-via-preloaded-hsts/