As someone on the receiving end of these, I've yet to receive any explanation. Every other week we see the most basic of attacks against our infrastructure (http floods - GET / - for example), with no specific goal in mind and we never received any threats. I can only assume it's some disgruntled user or maybe a competitor, but it could also just be stray bullets. I don't know who used these IPs before us, though it's been several years we've owned them. Who knows.