I've been blocking ICAP-IOD for a year. IMO it's a scraper.

Your range is owned by internap.com. They have a lot of ranges*. In today's cloud technology, it really depends on how many nodes the client pays for at the host. This UA can potentially come from anywhere within any internap range. Odds are they don't host other places (but it is possible.)

So... you decide whether it's best to block by UA or by range(s)

I block all internap ranges because they are server farms and many bad actors have come from there over the years - however internap also hosts a few proxy ranges (humans) so I poke holes in my rules. I also allow several beneficial private company sub-ranges hosted at internap.

*Somewhere in the Server Farm thread there should be a long list of internap ranges.

Is there any good UA and IP-ranges block list in the forum?

Beware - it is a terrible idea to cut'n paste someone else's block list and use it on your site. What is bad for one site may be benneficial for another site, and visa versa. Better to just read through the posts here at WW and decide for yourself.

Thank you for your answer, very neat and complete.

I think I'll block just the UA for now, and if I see more attacks coming from the Internap's servers, I'll start blocking also some IP-ranges gradually.

I've the following saved from Feb 2015

Internap Network Services Corporation PNAP-SEA-BLOCK3 216.223.0.0 - 216.223.63.255 216.223.0.0/18
NYJ004 iweb migration INAP-SEA-NYJ004-IWEB-MIGRATION-216-223-24-0 216.223.24.0 - 216.223.27.255 216.223.24.0/22
216.223.27.31 - - [11/Feb/2015:07:37:02 -0700] "GET /MyFolder/MySub/MyPage.html HTTP/1.1" 200 8301 "http://www.google.com/" "Mozilla/5.0 (iPad; CPU OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12B440 Safari/600.1.4"
216.223.27.58 - - [11/Feb/2015:07:37:02 -0700] "HEAD /ImgFolder/MyImage.jpg HTTP/1.1" 403 181 "-" "ICAP-IOD"

All supporting files were requested, many of which were for HEAD requests.
The Internap subnet belongs to iWeb and you could certainly deny that IP range without affecting normal users:
216.223.24.0/22

Here's a link to iWeb related Nets [whois.arin.net] (note the absence of the 216.223.24), however they (iWeb) are rapidly evolving and heavily advertising on television and I'm sure there are many more IP ranges via Clouds

The Internap subnet belongs to iWeb and you could certainly deny that IP range without affecting normal users:
216.223.24.0/22

This range contains the Onavo Proxy, so if you deny it you may be blocking "normal users" to your site.

The Internap subnet belongs to iWeb

It's actually the other way 'round. Internap bought all the iWeb ranges:

[internap.com...]