Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.
Very good write-up, astounding fails on Cox’s part, but at least the responsible disclosure and remediation process was by the book which earns them points again.