> We have received the appended list of possibly compromised or
> misconfigured
> IP addresses within your network range. The following reports are
> available
> and are appended as a zipped text file:
>
> bot:
> This report contains IP addresses of systems most likely infected
> with malware / botnet clients. Most IP addresses are detected
> when
> the malware tries to contact a captured Command & Control server.
>
>
> scanners:
> The system has been reported as widely scanning the network.
> This likely means the system has been compromised, but network
> scans can also originate from legitimate but misbehaving users.
>
>
>
> The format of the appended file is:
> IP address | time (GMT) | report | remark
>
> Timestamps are given in GMT. Please check the systems at these IP
> addresses for problems according your policies and procedures.
>
> For any questions about these reports, or to change your contact
> details mail to
> cert@switch.ch
> 179.43.128.112 | 16.07.2016 08:51:12 | bots | srcport
> 51611
> mwtype virut destaddr 148.81.111.121
> 179.43.128.112 | 17.07.2016 01:11:11 | bots | srcport
> 54432
> mwtype virut destaddr 148.81.111.121

This is the 2nd official complaint of this type in the last 48 hours. Whoever is responsible is causing users sessions to be dropped due to the high CPU load required to handle all of his sessions. Unfortunately, until this behavior stops new Layer 7 rules will go into place network-wide.

Update: 7/29/2016 the user responsible for these abuse reports has been caught scanning for networks with open vulnerabilities. His account has been terminated.  

Also Read

UK SPAM Complaints phone4profit.com
Received: from [149.255.111.222] (HELO phone4profit.com)by inbound.appriver.com (CommuniGate Pro...
California - Open Resolver DDoS
You appear to be running an open recursive resolver at IP address 199.241.145.147 that...
brute force attempt
> Your IP address [162.253.128.212] has been blocked for attacking sshd > on our network....
Network attack received from an IP on your network
Hi, We have detected a network attack from an IP ( Redacted ) from your network, a computer...
New Jersey - DDOS from 108.61.1xx.xxx
Recently, we have detected a DDOS attack from 108.61.1xx.xxx:53. Based on the source port number,...