dstiles - 5:24 pm on Mar 3, 2013 (gmt 0)
Further to the synapse UA:
Half way through the third day of the month. I have, for the previous two and a half days, had synapse be responsible for 51 out of 135 new IP bans. This is a very high proportion.
Of IPs already banned, either by IP (possibly but not necessarily through one of the above hits) or by range, there have been a further 105 synapse hits.
Most of these, as noted above, were from broadband ranges, although a few were from servers and some were indeterminate (possibly static IP ranges).
A high percentage of the hits were to one (genealogy) site, aiming for files ending in .ged rather than real pages. Since I've seen references that say this is an XML tool this is feasibly a legitimate access (though mistaken - these are genealogy gedcoms). Against legitimacy is the fact that few of the gedcoms (for example) would be of interest to residents of most of the source countries - these are of most interest to UK/AU/CA/US residents, not Eastern Europe and Asia. I suspect the high number of .ged hits were due to file-extension "scraping" from SEs - I can think of no other way of getting such accurate hits, although I may be missing something. If this is true then synapse is certainly being used for scraping attempts against a perceived useful (though actually useless) file.
The few hits not to gedcoms were to health and local history sites, to .ASP pages generally with querystring definers (e.g. health?pid=medname). I can't see why this should be regarded as a possible XML file but a thought occurs that if an ordinary bot were rejected then synapse may be employed instead.
Yet another possibility is that the tool is fairly legitimate and part of either some web browser or browser plug-in, and as such the user is not really aware of it.
However it works out, synapse is causing me more work in determining whether each rejected UA should be permanently blocked (server farm) or whether to give it benefit of doubt as a legit broadband range. Not a LOT of work, granted, but enough to be annoying.
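
The tally described in the post above (new IPs versus hits from already-banned IPs, and what the requests were aiming at) can be scripted; this is an added example, not the poster's code. The log lines are constructed, the exact synapse User-Agent string is not given in the thread so the match is a case-insensitive substring, and `triage` and `classify` are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache combined log format
# (documentation-range IPs, made-up paths, assumed UA value).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Mar/2013:10:01:02 +0000] "GET /trees/smith.ged HTTP/1.1" 403 199 "-" "Synapse"
203.0.113.7 - - [03/Mar/2013:10:01:09 +0000] "GET /trees/jones.ged HTTP/1.1" 403 199 "-" "Synapse"
198.51.100.20 - - [03/Mar/2013:10:05:40 +0000] "GET /health.asp?pid=medname HTTP/1.1" 403 199 "-" "synapse"
192.0.2.44 - - [03/Mar/2013:10:07:13 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.99 - - [03/Mar/2013:10:09:55 +0000] "GET /trees/brown.ged HTTP/1.1" 403 199 "-" "Synapse"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(target):
    """Bucket a request target as the post does: gedcom, querystring page, other."""
    parts = urlsplit(target)
    if parts.path.lower().endswith(".ged"):
        return "gedcom"
    if parts.query:
        return "querystring"
    return "other"

def triage(log_text, banned_ips, ua_token="synapse"):
    """Count matching-UA hits per new IP, repeat hits from banned IPs, and target types."""
    new_ips, repeat_hits, targets = Counter(), 0, Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or ua_token not in m["ua"].lower():
            continue  # unparseable line or a different user agent
        targets[classify(m["target"])] += 1
        if m["ip"] in banned_ips:
            repeat_hits += 1  # IP already blocked by address or range
        else:
            new_ips[m["ip"]] += 1  # candidate for a new ban decision
    return {"new_ips": dict(new_ips), "repeat_hits": repeat_hits,
            "targets": dict(targets)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, banned_ips={"198.51.100.99"}))
```

The `new_ips` map is the list that still needs the server-farm versus broadband-range decision; range-based bans would need a CIDR lookup in place of the plain set membership test.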