ECH Playground

ECH Status

Property | Value | Explanation
ECH Status | | If ECH worked
ECH Outer SNI | | What the ISP sees
ECH Inner SNI | | What the target server sees

I host this website to try and demo ECHConfigs with a public_name NOT equal to the actual domain name I own.
I believe, as a server operator, this is a good tactic to "hide" my website behind SNIs of popular / generic websites. It can also expose ISPs or governments performing SNI-based blocking.
However, it should be acknowledged that anyone who owns the domain name being "faked" in the ECHConfig could technically MiTM the TLS handshake, but only to the extent of decrypting the ClientHelloInner, not actually being able to impersonate the true origin.

Here are some SNIs on different ports you can try - you can use Wireshark to determine which SNI your browser is using.

Note: Firefox incorrectly uses the default HTTPS ECHConfig for all ports. Google Chrome correctly uses port-prefixed lookups for the HTTPS DNS record, so I would suggest using Google Chrome for testing. Alternatively, you could enable the feature in Firefox to use this setting. Read more here: Mozilla Bugzilla #1860038. This has been fixed as of Firefox 133.
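
To check from a script which outer SNI a given ECHConfig will produce, the following added example (not this site's own code) parses a base64 ECHConfigList, as carried in the ech parameter of an HTTPS DNS record, and returns each config's public_name; it also builds the port-prefixed query name mentioned in the note above. The host names, function names and the sample config with its all-zero dummy key are constructed for illustration.

```python
import base64
import struct

ECH_VERSION = 0xFE0D  # the ECHConfig version whose contents are parsed here


def https_query_name(host, port=443):
    """DNS name to query for the HTTPS record; non-443 ports get a prefix."""
    return host if port == 443 else f"_{port}._https.{host}"


def parse_ech_config_list(b64):
    """Return [(config_id, public_name)] for each ECHConfig in the list."""
    data = base64.b64decode(b64, validate=True)
    if len(data) < 2 or struct.unpack_from("!H", data)[0] != len(data) - 2:
        raise ValueError("ECHConfigList length mismatch")
    found, pos = [], 2
    try:
        while pos < len(data):
            version, length = struct.unpack_from("!HH", data, pos)
            body = data[pos + 4:pos + 4 + length]
            pos += 4 + length
            if len(body) != length:
                raise ValueError("truncated ECHConfig")
            if version != ECH_VERSION:
                continue  # unknown versions are skipped, not treated as errors
            config_id, _kem_id, key_len = struct.unpack_from("!BHH", body)
            p = 5 + key_len                                # past the public key
            p += 2 + struct.unpack_from("!H", body, p)[0]  # past cipher_suites
            p += 1                                         # maximum_name_length
            name = body[p + 1:p + 1 + body[p]]
            if len(name) != body[p]:
                raise ValueError("truncated public_name")
            found.append((config_id, name.decode("ascii")))
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ECHConfig") from exc
    return found


def build_sample(public_name, config_id=7):
    """Constructed test input: X25519 KEM id, all-zero dummy key, one suite."""
    c = struct.pack("!BHH", config_id, 0x0020, 32) + bytes(32)
    c += struct.pack("!HHH", 4, 0x0001, 0x0001)  # HKDF-SHA256, AES-128-GCM
    c += bytes([0, len(public_name)]) + public_name.encode() + b"\x00\x00"
    cfg = struct.pack("!HH", ECH_VERSION, len(c)) + c
    return base64.b64encode(struct.pack("!H", len(cfg)) + cfg).decode()


if __name__ == "__main__":
    for cid, name in parse_ech_config_list(build_sample("cover.example")):
        print(https_query_name("origin.example", 8443), cid, "outer SNI:", name)
```

If the returned public_name differs from the host you queried, that name is what an on-path observer sees in the ClientHelloOuter.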

How?

This service is provided using a forked OpenSSL & nginx, thanks to sftcd.

A very hacky howto of how I did it specifically is available here.

Plain / Scripting

You can access /plain to get values that are easier to work with in a CLI or similar.