dstiles - 9:58 pm on Nov 8, 2012 (gmt 0)
I block a datacentre if it comes to my attention, usually because of bad activity from an IP or because of following it up from postings here. Sometimes I find some scanner hitting an FTP or mail server and I then block those as well.
I do not usually go beyond the IP's /16 in tracking down datacentre offenders. I do extend this on broadband ranges, following them down to /12 or even /11. This means that my security logs do not flag an IP as "new" - unless there is a lot of activity on such IPs I ignore them once identified.
I do not usually extend research into non-contiguous ranges, the occasional exception being china/korea.