fail2ban has been detecting large ranges of the C networks 220.127.116.11/24 and 18.104.22.168/24 trying to brute force our ssh logins.
This has been going on for weeks or even months (our fail2ban logs do not go back further than a month) even though fail2ban would temporarily block single IP addresses.
In fact there is anecdotic evidence that this has been going on for years and on a internet wide scale.
We have notified the ChinaNet contacts available via whois, but have not heard back from them.
So now those two networks have been completely blocked on an IP level.