No clue of the required procedure at RIPE-Whois, there may be a method, however and over the years I've been unable to determine same.
At ARIN-Whois, you take the acquired IP in hand, 1) do a search and the registered name of Steephost would appear; 2) take that appeared registered name and perform a second search, which results in ALL IP ranges (this procedure fails at RIPE).
It's a possibility that at RIPE one of the many flags are required.
Anything that can be determined to be a server range should be banned in my book. It may be as small as /24 or it can occasionally be as big as /15 but if it's servers it's blocked.
Which is not to say I have all of them: I'm still picking up one or two server ranges a day but usually these are either very small ranges (less than /21) or are very well managed so do not get infected or abused.
Anything that can be determined to be a server range should be banned in my book.
The cover of my book says that in VERY BERRY BIG RED Letters as well, however I tend to serve a soft 403 when the amount of attempts is below an allowable threshold, meaning the visitor is server a blank page(with a 403) that contains a single <div> that includes linked JQuery file that populates that <div> with a form that needs to be submitted to gain the access to the site. Call it Cloaking, don't care, if the range's been spotted as HOSTING/Colo ---> cold beans served then.
This way if the range in question gets transfer to a diff company I could make a decision whether unblocking it is the right thingy to do.
I feed a 403 - mine is an ASP server - with no form. I do serve a form if a "broadband" IP has been auto-blocked, which happens a LOT because of compromised "home" machines. They get blocked on the IP for a few days with a form asking for deliverance, but almost no one submits one nowadays.