This is a DNS hijack, not an HTTPS hijack. The ISP's resolver sees "casino.org" in the A/AAAA query, finds it in a blocklist, and responds with an IP address to a web server that serves a block page (or a CNAME thereto).

▲

michaelmcmillan 10 hours ago | parent [-]

Which is useless if the domain had HSTS enabled, which they should.

	▲	10000truths 3 hours ago \| parent [-]
		HSTS for a domain is trust-on-first-use unless the domain is in the browser's preload list.