Experiment: Put a listener on port 443. Log traffic to port 443.
As far as I know this scanning is still ongoing. The src IP is assigned to the University of Michigan.
I am told if start a listener on tcp/443 you can expect to get scanned within 48 hours of when your listener first comes online.
scan data from zmap + heartbleed exploit utility = ?
