It's possible. (Depending on how strictly you define "have fail2ban do this.") Doesn't strike me as a particularly fruitful waste of time, though.
Basically, you'd take your whois
to get the domain owner, and send an email to abuse@[domain].[tld] to let them know that someone on one of their hosts is trying to gain unauthorized access to your system, and attach the logs, presumably. (You could also send one to the email in the whois, as you suggest, but that's even less likely to reach anyone who cares or can do something about it.) You'd have to hope that:
abuse
is the right address (you could try other ones, but that would be the most common by far) and is monitored. (Same of the email address listed in the whois - if it's not valid or not monitored, you're wastign your time right off the bat.)
- The host gives a damn.
- The host isn't in on it.
- The host has an abundance of free time to track down the naughty user.
- The host has the technical ability to track down the naughty user.
- The naughty user doesn't immediate switch hosts/compromised systems and carry on unimpeded.
Any one of those conditions being false guarantee that you're completely wasting your time, and in my experience, 2, 4, 5, and 6 are almost always false, so what you're looking to so is a complete waste of time, unless you're looking to use this as a learning experience to become a better scripter.