Getting the attention of people at a company/organization/agency via access logs and/or application monitoring/alerting.

    tootsweet@lemmy.world
    wrote last edited by
    #1

    Publicly-available web applications typically keep an "access log" -- a log of every request made to a website or web application hit by end users including the URL path. This log is usually viewable by developers.

    Aside from that, typically web applications are constantly monitored by various monitoring/alerting software like Datadog, New Relic, Dynatrace, PagerDuty, etc., which have the ability to constantly monitor things like the error rate and if the end user's error rate sharply increases from 1% to 10%, let's say, it will send a message directly to a developer's phone.

    The thing is, the content of the access logs and the alerts generated are things that depend very significantly on end user behavior. You can literally put arbitrary content into a url and that will show up in the access log. Manipulating alerting might be more challenging, but it could be done with a coordinated group of people (a la [LOIC](https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon), though it would take a lot less traffic than a DDOS typically would).

    Particularly for websites that don't offer any way to contact them, I'll sometimes drop a message to them in a url and refresh a good dozen times or so. Particularly to express displeasure. Just on the hope that someone will run across it in the access log.

    • https://example.com/your_website_apparently_just_doesnt_load_at_all_in_chrome
    • https://example.com/fuck_your_signup_wall
    • https://example.com/I_cant_in_good_conscience_continue_to_utilize_your_service

    Stuff like that. It's surprising how often I feel I have a reason to do that.

    (And to be fair, the chance someone would happen across it would be pretty seriously low if a) I was just doing this on my own and b) the site got any significant amount of traffic for me to get drowned out in. I tend to take that into account when I'm doing this. Given how much traffic it gets, what time of day it is, how good the IT department is likely to be, etc, how likely is it to be seen?)

    But if you can get a bunch of people involved, you can coordinate to hit one particular URL with a message in it and get a lot of 404s that might well end up in reports or alerts.

    But why would you want to do this?

    • Protest - A clear message to a company or other organization (government agency, whatever) that what they're doing is not ok with the people. Proof that a company has received such a message can also provide ammunition for a movement.
    • Alerting employees to the bad actions of their employer.
    • Just being helpful - It's entirely possible for some sites that they just don't know that some particular thing may be broken, vulnerable, or otherwise "bad" in a fixable way. And if there's not a better way to contact them, this might be the only real option. While the whole "coordinated effort a la LOIC" thing might not work, if this became a more common practice, it could be of benefit.
    • Clandestine communications with employees without bosses finding out.

    Good practices:

    • For alerts, remember there's a human on the other end of that alert. Don't wake them at 3:00am for your political cause. Ping them at 2:00pm (their timezone.) It's cool if their boss is paying them to deal with that.
    • Consider your target. Do the math. Get an idea how likely it is that what you're attempting will accomplish your goal -- get to the right audience or whatever.
    • Try to make what you're doing stand out to who you're attempting to communicate with. Put ASCII art in it. Use all caps. Put in words/phrases they're likely to be grepping for.
    • Maybe use an unusual user agent if you want your messages easily grepped for. (Once you've got their curiosity, they might want to see more.)
    • Consider anonymizing technologies like VPNs or Tor. Depending on your aims.
    • Consider what will end up putting your message in reports to management.

    Could this be used for evil? Yeah, probably. Maybe it's already being done?

    • Spamming/scamming website owners. (This could get especially annoying on a large, industrial scale.)
    • Head hunting/poaching employees.
    • Log injection.

      partial_accumen@lemmy.world
      wrote last edited by
      #2

      If you're doing any of this in a large quantity to get noticed, it might be classified as a Denial of Service attack which is a cybercrime that would be prosecuted in most jurisdictions.

      If you're doing this in small enough quantities to NOT be a DOS attack, it would depend on actual humans parsing the logs to pick up your messages. I'm not sure what the likelihood is that a human would see it. It would probably look a lot like bot traffic and be ignored.

      1 Reply Last reply
      0
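From the log owner's side of this thread, an added example (not written by either poster) of how an operator could pick message-style 404 paths out of ordinary scanner noise and render them safely, which also covers the "log injection" item in the first post. The function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
WORD_RE = re.compile(r"[A-Za-z]{2,}")

def looks_like_message(path, min_words=4):
    """Heuristic: one path segment made of several natural-language words."""
    segment = unquote(path.split("?", 1)[0]).strip("/")
    if "/" in segment or "." in segment:  # nested paths / file names: scanners, assets
        return False
    return len(WORD_RE.findall(segment.replace("_", " ").replace("-", " "))) >= min_words

def neutralize(text):
    """Escape control characters so a decoded path cannot forge report lines."""
    return "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in unquote(text))

def message_paths(lines, min_hits=3):
    """Return {path: (hits, distinct_clients)} for 404s that read like a message."""
    hits, clients = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or not looks_like_message(m["path"]):
            continue
        key = neutralize(m["path"])
        hits[key] += 1
        clients[key].add(m["ip"])
    return {p: (n, len(clients[p])) for p, n in hits.items() if n >= min_hits}

def _line(ip, path):  # build one constructed Combined Log Format 404 entry
    return f'{ip} - - [10/Mar/2025:14:00:01 +0000] "GET {path} HTTP/1.1" 404 153 "-" "Mozilla/5.0"'

MSG = "/your_website_apparently_just_doesnt_load_at_all_in_chrome"  # path from the post
SAMPLE = ([_line(ip, MSG) for ip in ("203.0.113.5", "203.0.113.5", "198.51.100.7")]
          + [_line("192.0.2.9", "/wp-login.php")] * 3
          + [_line("192.0.2.10", "/please_fix_the_login%0d%0aforged_line")])

if __name__ == "__main__":
    for path, (n, c) in message_paths(SAMPLE).items():
        print(f"{n} hits from {c} clients: {path}")
```

Reporting the distinct-client count next to the hit count separates one person refreshing a page from a coordinated group, and escaping before display keeps an encoded CR/LF in a path from appearing as a separate entry in the report.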