Spurious Proxy

GordonC · December 14, 2025, 7:21am

I was recently blocked from a website with this message:
"
Access denied
Error 15
[URL]
2025-12-14 04:41:26 UTC
What happened?
This request was blocked by our security service
Your IP: 69.[xxx.xxx.xx - my actual IP address]
Proxy IP: 45.60.121.73 (ID 101214-100)
Incident ID: 1214000570654157894-453234253715344961
Powered by Imperva
"
I’m not using a VPN or other proxy for site access - Firefox is set to “Use system proxy settings”. So what is 45.60.121.73, where does it come from, and why would Imperva think it’s in the mix?? [At present I’m assuming that the supposed proxy is what Imperva is complaining about.]

KitsuneNoBaka · December 14, 2025, 8:44am

It’s incapsula which is cloud services of imperva from thales group.

www.imperva.com

GordonC · December 14, 2025, 9:11am

Ah, thanks. So it’s their proxy, not mine. I’ve been accused by some other sites of being behind an unnamed proxy, so I thought that was the case here also.

solene · December 14, 2025, 9:45am

Maybe you share your ipv4 with other customers of your ISP with CGNAT.

Atrate · December 14, 2025, 9:58am

In general, I’ve noticed that websties have been growing overzealous in blocking whole IP blocks/ASNs to “protect” themselves from VPN users/bots, Youtube being one of the worst offenders.

KitsuneNoBaka · December 14, 2025, 11:15am

This imperva company offer website traffic and ddos protection so for sure they blacklisted whole IP range of your ISP.
To circumvent this use VPN - some have 1 connection in free plans i which you can chose end server manually so you can chose endpoint that works with said website.

GordonC · December 14, 2025, 11:36am

I don’t think so. I’m in an apartment building served by Comcast - so they could - but I’ve read that they don’t use it and have a lot more IP addresses than customers right now. And various sites tell me my IP address is what my router is assigned.

GordonC · December 14, 2025, 11:44am

I got a lot of flak last spring from CloudFlare-based sites for I think the same reason. VPN might be the way to go, but I thought that added a proxy layer. And many sites apparently block a large number of VPN exit points.

At least I’m confident now that there isn’t something weird going on within my own networking stuff.

KitsuneNoBaka · December 14, 2025, 11:58am

Yes, maybe they have more IPs that customers but static IP addresses are paid extra. And with dynamic one they rotate among customers. Few of them might had malicious software might be used for ddos attack so at least those IP are blacklisted.
And since Comcast have more addresses than customers then this “bad” IP might stick to you for longer.
Power of your Comcast modem/router for hour or two and check if your IP changed (dns lease could be bigger than that so it would require to power down router for more than 12h).
Faster solution is to use vpn thou.

solene · December 14, 2025, 12:10pm

With CGNAT your public IP is the one you see on the router, but they share one with multiple customers by splitting ports ranges.