ECH Playground

ECH Status

Property        Value   Explanation
ECH Status              Whether ECH worked
ECH Outer SNI           What the ISP sees
ECH Inner SNI           What the target server sees

I host this website to try out and demonstrate ECHConfigs whose public_name is NOT equal to the actual domain name I own.
I believe that, as a server operator, this is a good tactic to "hide" my website behind the SNIs of popular or generic websites. It can also expose ISPs or governments performing SNI-based blocking.
However, it should be acknowledged that anyone who owns the domain name being "faked" in the ECHConfig could technically MITM the TLS handshake, but only to the extent of decrypting the ClientHelloInner, not actually being able to impersonate the true origin.
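To make the outer/inner split concrete, here is an added example (not code from this site or from the forked OpenSSL/nginx it runs on) that builds and parses a minimal ECHConfigList and reports which name lands in the ClientHelloOuter SNI versus the ClientHelloInner SNI. The host names, config_id and the all-zero X25519 key are constructed placeholders.

```python
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version used by current ECH drafts and deployments

def build_echconfig_list(public_name: str, public_key: bytes, config_id: int = 0x2A) -> bytes:
    """Build a one-entry ECHConfigList (constructed sample, not a real published HTTPS record)."""
    name = public_name.encode("ascii")
    key_config = (
        struct.pack("!BH", config_id, 0x0020)               # config_id, kem_id = DHKEM(X25519, HKDF-SHA256)
        + struct.pack("!H", len(public_key)) + public_key   # HPKE public key (placeholder bytes here)
        + struct.pack("!HHH", 4, 0x0001, 0x0001)            # one cipher suite: HKDF-SHA256 + AES-128-GCM
    )
    contents = (
        key_config
        + struct.pack("!B", 64)                             # maximum_name_length (padding hint)
        + struct.pack("!B", len(name)) + name               # public_name: the SNI sent in ClientHelloOuter
        + struct.pack("!H", 0)                              # no extensions
    )
    config = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return struct.pack("!H", len(config)) + config

def parse_echconfig_list(data: bytes) -> list:
    """Parse an ECHConfigList, returning public_name and key parameters of each known-version entry."""
    (total,) = struct.unpack_from("!H", data, 0)
    pos, end, configs = 2, 2 + total, []
    while pos < end:
        version, length = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4 : pos + 4 + length]
        pos += 4 + length
        if version != ECH_VERSION:
            continue                                        # clients skip versions they do not understand
        config_id, kem_id, pk_len = struct.unpack_from("!BHH", body, 0)
        p = 5 + pk_len
        (suites_len,) = struct.unpack_from("!H", body, p)
        p += 2 + suites_len
        max_name_len, name_len = struct.unpack_from("!BB", body, p)
        p += 2
        public_name = body[p : p + name_len].decode("ascii")
        configs.append({"config_id": config_id, "kem_id": kem_id,
                        "max_name_length": max_name_len, "public_name": public_name})
    return configs

def sni_view(echconfig_list: bytes, real_host: str) -> dict:
    """What each party sees: the ISP gets the outer SNI (public_name), the origin the inner SNI."""
    cfg = parse_echconfig_list(echconfig_list)[0]
    return {"outer_sni": cfg["public_name"], "inner_sni": real_host,
            "decoy_public_name": cfg["public_name"] != real_host}

if __name__ == "__main__":
    # Constructed values: a placeholder 32-byte X25519 key and made-up host names.
    sample = build_echconfig_list("popular-site.example", bytes(32), config_id=7)
    print(sni_view(sample, "my-real-domain.example"))
```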

Here are some SNIs on different ports you can try; you can use Wireshark to determine which SNI your browser is actually sending.

Note: Firefox incorrectly uses the default HTTPS ECHConfig for all ports. Google Chrome correctly uses port-prefixed lookups for the HTTPS DNS record, so I would suggest using Google Chrome for testing. Alternatively, you could enable the feature in Firefox that honours this setting. Read more here: Mozilla Bugzilla #1860038

How?

This service is provided using a forked OpenSSL and nginx, thanks to sftcd.

A very hacky how-to describing exactly how I did it is available here.

Why this domain?

Well, initially I used this domain on this VPS to create a test case for TLS renegotiation, to illustrate a potential bug in Node.JS, since badSSL can't support that kind of custom TLS response. Since it was already configured to point to this idle VPS, I thought I might as well use it for other ECH experiments.