In our experience, country of origin is a better heuristic for possible abuse than an individual ISP is. Most malicious traffic comes from a fairly small number of countries, many of which are the obvious culprits. That kind of data is never guaranteed accurate, though.