Is anyone familiar if this is some type of attack? I see a lot of these on logs.

Latest response

[08/May/2018:10:30:41 -0500] 50.79.xx.xx TLSvx.x ECDHE-RSA-AES256-GCM-SHA384 "GET /java_version.jnlp HTTP/1.1" 905

Responses

It looks like someone is scanning your website to see if the "Java Version Display Applet" is available.

If your website is advertising that you're using an old version of Java with known vulnerabilities, presumably the person scanning could use that knowledge to exploit those known vulnerabilities.

The source IP could be a curious person like a researcher, could be a security firm which your organization has paid to scan your environment, or could be a malicious party.

If you determine the traffic is unexpected and may be malicious, you might talk to your network team and block the IP or the IP range further up the network.

Thank you so much Jamie. This is helpful info.