Comments 2 Posted In Red Hat Network Tags apache Is anyone familiar if this is some type of attack? I see a lot of these on logs. Latest response 2018-05-10T14:31:40+00:00 [08/May/2018:10:30:41 -0500] 50.79.xx.xx TLSvx.x ECDHE-RSA-AES256-GCM-SHA384 "GET /java_version.jnlp HTTP/1.1" 905 SG Started 2018-05-09T14:06:18+00:00 by Shisheer Guragain Pro 765 points Log in to join the conversation Responses Sort By Oldest Sort By Newest Red Hat Guru 8207 points 9 May 2018 11:37 PM Jamie Bainbridge It looks like someone is scanning your website to see if the "Java Version Display Applet" is available. If your website is advertising that you're using an old version of Java with known vulnerabilities, presumably the person scanning could use that knowledge to exploit those known vulnerabilities. The source IP could be a curious person like a researcher, could be a security firm which your organization has paid to scan your environment, or could be a malicious party. If you determine the traffic is unexpected and may be malicious, you might talk to your network team and block the IP or the IP range further up the network. SG Pro 765 points 10 May 2018 2:31 PM Shisheer Guragain Thank you so much Jamie. This is helpful info.