dstiles - 6:06 pm on Jun 24, 2013 (gmt 0)
Just noticed another synapse type - may be linked to the above UA or may not (but see Lucy's note above). First record I have is January this year, currently 5 hits but may be more (I sometimes re-use a record for a wider IP range and remove UAs in doing so).
UA (recent examples):
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; SynapseWorkstation.3.2.1)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; SynapseWorkstation.3.2.1)
A plague on MS's clumsy .NET updates! But they seem to be normal MSIE browser UAs.
IPs: these seem to be normal DSL with some business (roadrunner) DSL lines.
Headers: browser-ish - not inherently suspicious.
Trapped by me only because I used the term "synapse" instead of a longer qualifier.
Trapped site URLs on my server are one local information site and one medical site only (but see note above re: possible removals). These sites are both quite popular with punters and bots whereas the basic Synapse UA hits far more than these (approx 1700 since January) and includes unusual target URLs; they also come from many countries including Europe (including "bad" countries), various African and Asian countries and USA (though relatively not many).
I found a manual for SynapseWorkstation at asti-usa[.]com (search ixquick for "SynapseWorkstation" using quotes). From this it purports to be...
"...a digital communications system that is used to link operator voice traffic between distributed sites over local or wide area data network."
In which case how did it get loose to feed on my server? And does it spin off random Synapse UAs? I have to say, having perused the manual (very briefly!) that this does not look a likely candidate for a web site hit, even using a web browser. This may not be the correct SynapseWorkstation and may be nothing to do with synapse UAs, which latter all have bad headers.
There seems to be a medical system that uses SynapseWorkstation as its identifier and this MAY explain the hits on the medical site above, which seem to be mostly USA IPs.
From fujimed[.]com (see ixquick search above)...
"Synapse is a collection of software modules built on the Microsoft® Windows® Server platform and workstation software on Windows Workstation editions, which together provide the core software functionality for Synapse - Fujifilm’s Next Generation PACS."
"Synapse Workstation Software is the multi-modality viewing software for Synapse, Fujifilm’s Picture Archiving and Communication System (PACS)."
The suggestion here is that Synapse is an image archiver (including snatching images from web sites?) although it does seem to be concentrated on the medical arena. This seems far more likely and, I think, could explain the Synapse UA as well. There is a suggestion elsewhere on this site that it could be used from a "home pc" (presumably of a medical practitioner?) so another possible tie-in. I'm still not sure of this connection between UAs, though.