I should have turned it off. Instead, I proxied my own heartbeat through it.
Red teams building custom C2 (command & control) frameworks may embed reflect4 proxy to obfuscate attack origins. Because the reflection hides the true source, WAF (Web Application Firewall) logs show only the last-hop proxy IP. made with reflect4 proxy