At work, I opened up port 80 on a machine and started running a web server. Checking the logs shortly thereafter, I saw that someone was probing the web server for vulnerabilities, and I recognized from the IP that it came from within my organization.

Preparing to report it to our security group, I did a reverse DNS lookup on the IP.

It was the security group’s automated vulnerability scanner.