2

How can I determine which service, software or owner access to cloudfront.net is associated with?

(As far as I understand, and as the normal who-is lookup tells, it is related to Amazon's cloud hosting service, but to which customer or content publisher?)

In other words, is there a whois query service telling that, for example, access to iii-ppp-aaa-ddd.locNN.r.cloudfront.net is associated with the update service of software-X-Y-Z or related to listening to online music from music sharing service-A-B-C?

1 Answer

3

The IP addresses associated with *.cloudfront.net hostnames do indeed have the format you described:

iii-ppp-aaa-ddd.locNN.r.cloudfront.net

For example:

server-13-32-14-48.muc51.r.cloudfront.net

However, the mapping from distribution hostnames to the underlying IP addresses is not 1:1. The IP addresses returned for any dxxxexample.cloudfront.net hostname (they always start with d for web distributions) are not unique to that hostname.

In the example above, the only information you can learn from this hostname is muc51, which indicates that the request will be handled by a Munich, DE edge location. (The 51 is a numeric but opaque identifier that apparently has no direct, semantic, external meaning.)

There is no correlation between IP addresses and hostnames that are served by that IP address, because CloudFront uses SNI and/or the HTTP Host header to determine which site is being requested in almost all cases. (The possible exceptions to this do not merit additional consideration, since it is still not possible to determine who is behind the addresses.)

Note also that the particular IP addresses you'll receive if you do a DNS lookup of a *.cloudfront.net hostname will vary based on your location when you do the lookup, because CloudFront uses the DNS response to send your browser to a nearby edge.

tl;dr: the identity of the entity controlling the particular *.cloudfront.net hostname is not discoverable.

If you have a security concern or abuse complaint, contact AWS. See https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/ or https://pages.awscloud.com/Security-Contact.html.

2
  • Great explanation. So the only option I have is to capture the Host headers inside HTTP requests to guess the website behind it (which would be impossible for SSL)
    – F.I.V
    Commented Oct 2, 2017 at 13:41
  • 1
    That's pretty much it. With SSL, you should be able to capture the server name identification (SNI), since that's sent by the client in cleartext near the beginning of the SSL handshake.
    Commented Oct 2, 2017 at 15:48
