If you are a website owner or developer, you might assume your site is safe. However, if your website logs contain frequent requests to index.php with random strings following the id= parameter, you are being scanned.
Some lazy developers allow the id parameter to load physical files. inurl index.php%3Fid=