Outdated ntp client seen

From tcpdump message, I see ntp clients using ntpv1, which is very outdated version, is it normal, or it is a malicious activity?

Also see table 4 in this NIST publication https://tf.nist.gov/general/pdf/2818.pdf

If you don’t like these outdated clients, feel free to block them all using version flag inside your restrict commands.