I often test web sites on some random port before going live, and at times the customer calls and says "nice work" because they have found their site in Google search. So one of the biggest sources for these scans is Google crawlers. I know I shouldn't do that, and I'm not complaining... Within seconds after putting a site up on a random port you get scans, mostly for WordPress exploits. Some companies will instantly put your IP in their firewall block list if you attempt to access an uncommon port, so be careful if you still surf the web via telnet.