Please explain further as you’ve only provided half the story:
- What are the other IP addresses that you found related to the Google DNS servers?
- What is the “certain application” as the application names have been overwritten in both your original and updated images?
Perhaps you don’t understand why DNS name resolution services works differently to most other network traffic. That is because the Domain Name System (DNS) is the primary directory system for the Internet, i.e. like a phone book.
The screenshots you show are entirely consistent with the use of an IPv4 DNS name resolution service:
- 126.96.36.199 is the primary Google DNS server which has only received 9.7KB of traffic and responded with 13.3KB of traffic.
- 188.8.131.52 is the secondary Google DNS server which is used much less frequently as a fallback to the primary server so it has less traffic: received 0.04KB up and responded 0.01KB
Each of those IP addresses are not one physical device but many servers located in Google datacentres around the world. WIkipedia explains this:
The addresses are mapped to the nearest operational server by anycast routing.
I’m presuming that you have found the IP addresses of the actual node on the Google network that is resolving the DNS query. So here’s a list of the IP addresses for those locations - note that this may not be up-to-date simply because new locations are often being added as Google Cloud expands.
Are the additional IP addresses you found on that list? If so, then what GlassWire is logging is correct because it is the IP address that the DNS query was sent to that should be logged not the actual.IP address of the server resolving the name.