Follow up on this.
They use this service: https://www.brightcloud.com/tools/url-ip-lookup.php
Which list the affected IP in 'high risk' category 'proxy'.
I opened a case with them to find out the cause.
They delistet 157.161.57.65 but not 157.161.57.70. Maybe I should change the PTR of the later one :-). That only was an exit for very short time (immediate abuse complaints).
Also 'Tor' is a separate category. So if my experiments with Tor triggered that issue, why didn't they list it as 'Tor' which they have as a category.
Another cause might be, that I use a transparent proxy to cache some content in my LAN. But that only is accessible from my LAN, but of course this might inject HTTP header indicating the proxy connection.
Also L2TP and PPTP is accessible, so I can access my private ipv4 space from outside. So did they scan for those services and flag it as 'proxy'?
I'm looking forward for their reply.