Sample report

What you get back, 60 seconds after you upload.

This is a fully anonymized example built from a real 7-day Windows DNS export. Yours will look identical — your data, your devices, your branding.

Run yours

DNS Visibility Assessment

Sample DNS Dataset

Generated Jul 14, 2026 · 2,418,332 queries · 312 devices · 7-day window

Sample

DNS activity overview

Total DNS queries

2,418,332

Unique domains

18,204

Unique clients

312

Avg queries / client

7,751

Most active client

WS-ENG-014

Most queried domain

chatgpt.com

Top categories:AI tools · 9Shadow IT · 14DoH bypass · 2Newly registered · 4

AI tools in use

Shadow-IT apps

DNS security findings

Observations

47 devices resolved ChatGPT-related domains in the last 7 days.
TeamViewer and AnyDesk activity was observed on 6 endpoints.
12 devices queried newly registered domains. Review legitimacy and business justification.

Application visibility

Top applications observed in the uploaded DNS data. Metadata-classified entries use the application name reported by your upstream system; signature entries fall back to domain matching.

Application	Category	Devices	Queries	% of total	Source
Google Search	Search	287	412,804	17.07%	metadata
Microsoft Office	Productivity	271	318,104	13.16%	metadata
iCloud	Cloud Storage	142	188,402	7.79%	metadata
YouTube	Streaming	198	162,188	6.71%	metadata
Azure Cloud Services	Cloud	158	144,910	5.99%	metadata
Microsoft Defender Antivirus	Security	268	121,544	5.03%	metadata
Google Play	App Store	96	88,122	3.64%	metadata
ChatGPT	Generative AI	47	18,432	0.76%	metadata
TeamViewer	Remote Access	4	412	0.02%	metadata

Category distribution

Query volume grouped by application or domain category, taken directly from the uploaded dataset.

Search488,204 queries · 20.19% · 298 devices · 4 apps

Productivity401,812 queries · 16.62% · 281 devices · 7 apps

Cloud Storage312,104 queries · 12.90% · 218 devices · 6 apps

Streaming204,812 queries · 8.47% · 211 devices · 5 apps

Cloud188,204 queries · 7.78% · 198 devices · 8 apps

Security142,904 queries · 5.91% · 271 devices · 3 apps

CDN138,502 queries · 5.73% · 304 devices · 6 apps

Collaboration98,188 queries · 4.06% · 184 devices · 5 apps

Development72,004 queries · 2.98% · 64 devices · 9 apps

Generative AI41,022 queries · 1.70% · 88 devices · 9 apps

AI tool findings

Each detection is a match between observed DNS queries and a curated signature for the named tool.

ChatGPT · OpenAI

Jul 8 → Jul 14

high

Devices: 47
Queries: 18,432
Supporting domains: chatgpt.com, openai.com, oaistatic.com
Example devices: WS-ENG-014, WS-MKT-022, MAC-EXEC-001

Claude · Anthropic

Jul 9 → Jul 14

high

Devices: 12
Queries: 4,211
Supporting domains: claude.ai, anthropic.com
Example devices: WS-ENG-014, WS-ENG-007

Gemini · Google

Jul 8 → Jul 14

high

Devices: 24
Queries: 6,502
Supporting domains: gemini.google.com, generativelanguage.googleapis.com
Example devices: WS-MKT-022, laptop-22, workstation-01

Cursor · Anysphere

Jul 10 → Jul 14

medium

Devices: 4
Queries: 1,287
Supporting domains: cursor.sh
Example devices: WS-ENG-014, WS-ENG-007

Windsurf · Codeium

Jul 12 → Jul 14

medium

Devices: 2
Queries: 612
Supporting domains: codeium.com
Example devices: WS-ENG-007

Perplexity · Perplexity

Jul 8 → Jul 14

high

Devices: 9
Queries: 1,944
Supporting domains: perplexity.ai
Example devices: WS-MKT-022, MAC-EXEC-001

DeepSeek · DeepSeek

Jul 11 → Jul 13

medium

Devices: 3
Queries: 421
Supporting domains: deepseek.com
Example devices: WS-ENG-014

Copilot · Microsoft

Jul 8 → Jul 14

high

Devices: 31
Queries: 7,810
Supporting domains: githubcopilot.com, copilot.microsoft.com
Example devices: WS-ENG-014, WS-ENG-007, WS-MKT-022

Midjourney · Midjourney

Jul 12 → Jul 14

low

Devices: 2
Queries: 188
Supporting domains: midjourney.com
Example devices: WS-MKT-022

Shadow IT findings

Dropbox

File sharing

medium

Devices: 18
Queries: 3,902
Supporting domains: dropbox.com, dropboxusercontent.com
Example devices: WS-MKT-022, WS-FIN-008

Recommendation · Confirm whether personal Dropbox accounts are sanctioned for file transfer.

WeTransfer

File sharing

medium

Devices: 11
Queries: 1,204
Supporting domains: wetransfer.com
Example devices: WS-MKT-022

Recommendation · Review for one-off large transfers leaving the network.

Notion

Productivity

low

Devices: 22
Queries: 2,810
Supporting domains: notion.so
Example devices: WS-ENG-014, WS-MKT-022

Recommendation · Confirm whether usage maps to a managed workspace.

Discord

Messaging

medium

Devices: 14
Queries: 3,188
Supporting domains: discord.com, discordapp.com
Example devices: WS-ENG-007

Recommendation · Validate against acceptable-use policy; restrict if not sanctioned.

TeamViewer

Remote access

high

Devices: 4
Queries: 412
Supporting domains: teamviewer.com, ping.teamviewer.com
Example devices: WS-FIN-008, MAC-EXEC-001

Recommendation · Confirm ownership and business justification. Block at the resolver if unowned.

AnyDesk

Remote access

high

Devices: 2
Queries: 188
Supporting domains: anydesk.com
Example devices: WS-FIN-008

Recommendation · Investigate remote-support usage; restrict to approved tooling.

Google Drive (personal)

Storage

medium

Devices: 9
Queries: 1,402
Supporting domains: drive.google.com
Example devices: WS-MKT-022

Recommendation · Differentiate personal vs. workspace Drive accounts where possible.

DNS security findings

Detections derived from DNS query content, response codes, and curated indicator feeds.

Newly registered domains

12 devices contacted newly registered domains

high

Endpoints resolved domains registered within the last 14 days. NRDs are a common phishing and stage-1 malware indicator.

Affected devices: WS-MKT-022, WS-FIN-008, MAC-EXEC-001, +9 others
Query volume: 230
Example domains: secure-login-portal.xyz, account-verify-now.top, ms365-auth.click
Recommended action: Review legitimacy and business ownership. Block at the resolver if unowned.
Evidence: Domain match against the WHOISDS newly-registered-domains feed (rolling 14 days).

DNS-over-HTTPS

DNS-over-HTTPS bypass detected on 7 devices

medium

Direct resolution against public DoH endpoints bypasses corporate DNS filtering and logging.

Affected devices: WS-ENG-014, WS-ENG-007, +5 others
Query volume: 3,916
Example domains: 1.1.1.1, dns.google, cloudflare-dns.com
Recommended action: Block outbound 853/DoH endpoints at the firewall and enforce browser DoH policy.
Evidence: Query destinations match a curated list of public DoH/DoT resolver hostnames.

NXDOMAIN activity

Unusual NXDOMAIN volume on 3 endpoints

medium

Three endpoints generated NXDOMAIN responses at a rate well above the baseline.

Affected devices: WS-ENG-014, WS-FIN-008, WS-MKT-022
Query volume: 612
Example domains: —
Recommended action: Review for misconfiguration, failed lookups, browser extensions, or unusual DNS behavior.
Evidence: Per-device NXDOMAIN count exceeds the 50-response threshold across the observation window.

Top clients

Client	Queries	Unique domains	% of total	Note
WS-ENG-014	84,201	1,842	3.48%	Developer workstation
WS-MKT-022	41,812	902	1.73%	Heavy SaaS user
MAC-EXEC-001	22,104	612	0.91%	Senior staff laptop
WS-FIN-008	18,904	421	0.78%	Finance — review remote access

Top queried domains

Domain	Category	Devices	Queries	First seen	Last seen
chatgpt.com	AI tool	47	12,481	Jul 8	Jul 14
githubcopilot.com	AI tool	31	7,810	Jul 8	Jul 14
gemini.google.com	AI tool	24	6,502	Jul 8	Jul 14
claude.ai	AI tool	12	4,211	Jul 9	Jul 14
dropbox.com	Shadow IT	18	3,902	Jul 8	Jul 14
discord.com	Shadow IT	14	3,188	Jul 8	Jul 14
1.1.1.1	DoH bypass	7	2,104	Jul 8	Jul 14
dns.google	DoH bypass	5	1,812	Jul 8	Jul 14
secure-login-portal.xyz	Newly registered	4	142	Jul 12	Jul 14
account-verify-now.top	Newly registered	3	88	Jul 13	Jul 14

Recommended next steps

Review newly registered domains for phishing and stage-1 droppers.
Confirm ownership and business justification for remote-access tools.
Investigate endpoints generating excessive NXDOMAIN responses.
Validate DNS-over-HTTPS usage and enforce a corporate resolver policy.
Reconcile AI tool usage against your acceptable-use and data-handling policy.