The technical reason why is because when visiting a website, the web browser has to translate the website name (aka domain name) into a number it can use to connect to; this is akin to looking up a person in your phone contacts and the phone calling the number. This is the part the ISP sees.

The actual web request would be invisible over HTTPS because as far as the ISP sees, it is a random collection of letters, numbers, and symbols (ie encryption). Only you and the web server know how to decode the information.

The web server sees a request for https://www.example.com/foo/bar?baz=bam as the following:

GET /foo/bar?baz=bam HTTP/1.1
Host: www.example.com

HTH

Yes, https hides most things but leaks the sni (server name indicator. We came up with a solution called esni (encrypted sni), but that also had issues. It didn’t have much adoption before esni got replaced with ech (encrypted hello). Cloudflare actually has a neat website to check if your browser is supporting ech.

You can learn more about it here, it’s pretty cool! https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/

Basically, yes. It can see subdomains and domains, but the content including folders, files and query data is all encrypted in transit.