I am assisting a friend at present, with an issue involving IPs constantly attacking his servers, and noted during one of his recent updates, that alot of them were HostNOC - turns out, there's quite the list of them (ignoring the others from known criminal networks). All are RFI etc, and all are already being blocked by ZBBlock (a script written by my friend Zaphod).
The problem here, is HostNOCs (aka Burst.Net) lack of ability in both detecting malicious traffic originating inside their own network, and the sheer amount of frustration in dealing with their abuse department, both via e-mail, and via phone.
I'm in the midst of determining whether these are dedicated criminal servers, or compromised servers (I'm already aware of several black hat "hosts" that have space within HostNOC/Burst IP space, most of course, being run by kids that frequent hackforums.net and the like), but in the meantime, for those of you that want the list of IPs and see what they're doing, the following is the log data for them;
The plain IP list;
This of course, doesn't cover the rest of the malicious content across HostNOC/Burst IP space - but that's for another time.