Yeah I did. I run a niche site that gets about a thousand hits a day. It has a cgi that uses bash. I've got logs going back to January, and the first (and so far only) attempted exploit is from shellshock-scan yesterday. It came after the first bash patch, which I had applied, and did not succeed.
How complete is your log? Does it log every header, or just User-Agent?
Now that the exploit is public, people don't care anymore, but anyone who knew about this bug and tried to exploit it before it was public would be careful to avoid using a commonly-logged HTTP header.
