I don't think their scans are more complicated than anyone could generate via metasploit, or worse a moderately good security engineer would likely run after pentesting your site for hours. If your site get whacked by non malicious intent payload, you should thank them that they prevented anyone fro directly starting with malicious intent.