In one week running on www.nethserver.org, fail2ban has triggered 30 times, 21 on apache (scan, fake bots) and 7 on ssh, plus 2 recidives. Offenders were from China, France, Korea, Ukraine, USA and Mexico. Some scans repeat every 2/3 days, those may be "legitimate" research projects, I didn't investigate further.
Next step could be installing on a mail server, maybe mail.nethesis.it is a good candidate.