We, the IT security working group at the university of Bonn, are currently doing research on TLS libraries on the Internet. For this reason, we scan all IPv4 hosts on well-known TLS ports (e.g., 443, 993) with in a first stage with a TCP SYN scan. Afterwards, we scan all detected services with our own fingerprinting mechanism which spreads full and partial TLS handshakes over minutes. The scans are very low-profile and cause neglible load on the systems.
If you still want to opt-out, you can block incoming traffic from our scanning IPs: 131.220.240.82-131.220.240.87.
Alternatively, you can contact us with the address ranges you would like to be
excluded.