"IP from a datacenter" doesn't work in practice to detect VPNs.

At work we set up a compliance-related service recently and used the AWS WAF rules to block known datacenter ranges with the goal of blocking bots and VPNs.

We had to disable that rule almost immediately because a large majority of VDI (Virtual Desktop Infrastructure) solutions are hosted in or at least egress from big cloud providers.

It wasn't possible to block AWS/GCP IP ranges without also blocking legit usage from real customers.