So I asked on a forum I'm a member of about these list.txt requests and, despite doing some research as well, nothing came up. The opinion was that it could be just a bot looking for anything that might have something of value. A lot of these bots are just dumb or just probing for vulnerabilities. list.txt is a very common phrase, so it's really hard to determine what the bot was after exactly.
Another member offered this IP table that you might be interested in.
iptables -A INPUT -m string --from 40 --to 80 --algo bm --string "list.txt" -p tcp -j DROP
If you use Fail2Ban, he offered code for that as well, but he mentioned it being used with Apache and you indicated that you don't use Apache.