Webflow of a client that browses a website “example.com” over HTTPS, while the ISP is a MitM. First, a DNS request is sent and the corresponding DNS response is received. Next, a TCP connection to an IP in the DNS response is initiated. Furthermore, a TLS handshake is performed and, finally, the actual HTTP data are sent in application data records.