So you would like a report of devices that are not using a vendor specific fqdn for ntp pool?
If so I can tell you for sure the hs110 smart plug from tp-link is doing queries for just regional ntp pool.. And what drives me nuts is EU based or UK specific - and I am using their product in the US.
My current log shows it looking for
I redirect this to my local ntp..
I don't have access to is source, but just from logging its dns I can see who its asking for..