
What does it mean when an IP-address starts with fra and ec?


Edit: So apparently these are not really IP-addresses but rather hostnames.

I tried out netstat to find any suspicious connections, and I found quite a few remote addresses that looked really weird to me, for example the following:

  1. ec2-3-235-82-211:https
  2. fra24s07-in-x0a:https
  3. g2a02-26f0-0300-0000-0000-0000-5c7a-f589:https
  4. wm-in-xbd:https and
  5. 156:https

I was wondering what any of these mean and also what the in means at 2. and 4.?


Solution

  • Those are not IP addresses. They are hostnames that come from reverse DNS resolution, with most of the name cut off due to how netstat presents them. By passing --notrim you should be able to see the full hostnames. Alternatively, passing --numeric will disable hostname resolution altogether.

    Taking a guess:

    1. 3.235.82.211, hosted on Amazon EC2. Looks like it's owned by Zoom (checked the HTTPS certificate).
    2. fra24s07-in-x0a.1e100.net, Google infrastructure of some kind (I googled the fra24s07-in-x0a string, and 1e100.net is Google-owned). Going to that URL over HTTPS gives me a Google 404 page.
    3. 2a02:26f0:0300::5c7a:f589, an IPv6 address, used by Akamai (a content delivery network provider), found by going there and seeing the HTTPS certificate.
    4. Unclear. Maybe wm-in-xbd.1e100.net (another Google IP); going to that URL over HTTPS gives me a Google 404 page.
    5. Unclear
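
An added example, not part of the original question or answer: a small Python triage helper that recovers the address embedded in truncated netstat hostnames like the ones listed above, without any DNS lookup. The function name `classify`, the kind labels, and the regular expressions are assumptions made for this sketch; the "in-label" kind only marks the name shape the answer guesses belongs under 1e100.net.

```python
import ipaddress
import re

# Remote-address values quoted in the question, as netstat printed them.
SAMPLE = [
    "ec2-3-235-82-211:https",
    "fra24s07-in-x0a:https",
    "g2a02-26f0-0300-0000-0000-0000-5c7a-f589:https",
    "wm-in-xbd:https",
    "156:https",
]

EC2 = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})$")   # IPv4 in the label
HEX_V6 = re.compile(r"^g((?:[0-9a-f]{4}-){7}[0-9a-f]{4})$")          # IPv6 in the label
IN_LABEL = re.compile(r"^[a-z0-9]+-in-[a-z0-9]+$")                   # shape of items 2 and 4


def classify(remote):
    """Return (kind, embedded_address_or_None, service) for one remote value."""
    host, sep, service = remote.rpartition(":")
    if not sep:                       # no ":service" suffix present
        host, service = remote, ""
    host = host.strip("[]").lower()
    try:                              # already numeric (e.g. numeric netstat output)
        return ("numeric", str(ipaddress.ip_address(host)), service)
    except ValueError:
        pass
    m = EC2.match(host)
    if m:
        try:                          # reject impossible octets such as 999
            addr = ipaddress.IPv4Address(".".join(m.groups()))
            return ("ec2-style", str(addr), service)
        except ValueError:
            return ("unknown", None, service)
    m = HEX_V6.match(host)
    if m:
        addr = ipaddress.IPv6Address(m.group(1).replace("-", ":"))
        return ("hex-ipv6", str(addr), service)
    if IN_LABEL.match(host):          # no address embedded; full name needed to verify
        return ("in-label", None, service)
    return ("unknown", None, service)  # too truncated to say anything (e.g. "156")


if __name__ == "__main__":
    for value in SAMPLE:
        print(f"{value:50} -> {classify(value)}")
```

Treat a recovered address as a lead only: reverse DNS names are set by whoever controls the address block, so confirm ownership from numeric output and an independent lookup before drawing conclusions.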