The purpose of a VPN is to encrypt data between your Internet connection point (PC/phone/tablet/router)
and the VPN exit node. This has the effect of "going dark" on your ISP - they can only see that traffic is going between your router and the VPN exit node, and that the traffic is encrypted. The data is decrypted back into its original form as it exits the VPN server, and makes its way to the intended destination.
To build upon the above: if that original form is HTTP (or any other plaintext protocol), anyone (including the VPN provider) sniffing between the exit node and the destination will be able to read everything
- destination, source and all headers and content. If the original form is HTTPS
(or any other TLS-encrypted protocol), observers will be able to see the destination and source IP addresses, but the payload (headers and content) will be encrypted.
The part you appear to be missing - based on what you've written - is what happens when your request
finally makes it to the target website. That part is actually very simple: your request gets logged
. I would guess part of the website code is parsing the logs looking for HTTP headers known to carry cell phone numbers. Doesn't take much effort, to be honest.
Out of curiosity, point your cell phone browser(s) here
, click on the link for the headers and see what you get.