What is this weird certificate transparency entry for Google?

Question

Checking on crt.sh for google.com I can see this entry https://crt.sh/?id=39021015Does anybody know why those weird characters are in the common name field?What is this phreedom.com domain that's after the xn- encoded section?

notpushkin · Accepted Answer

Probably a phishing link designed to look like www.google.com. I think it was a test, to look how does it display in browsers (unsurprisingly, Firefox highlights the phreedom.org part, so it's obvious something fishy is going on; I think Chromium does that as well).

LinuxBender · Answer

Not sure but VT doesn't like it [1] Appears to have been removed from AWS DNS. VT does not like the apex either [2] Perhaps part of a demo performed by Alexander? [3][1] - https://www.virustotal.com/gui/url/44aee01626790742c6ab6ed41...[2] - https://www.virustotal.com/gui/url/250dc073e7493fcecd6337834...[3] - https://en.wikipedia.org/wiki/Alexander_Sotirov