You might be able to tackle this with Host IPS but you are going to have a really hard time tracking it. I would recommend doing this at a network level with a web gateway or DNS server. You say you don't track it... uh... why not? Alternatively you can probably get a lot further with some unobtrusive logging/blocking with Site Advisor. It would be much easier pursuing those methods. Hopefully one of those would save you a lot of hours.
I realize I didn't answer your question but sometimes you need the right screwdriver for that nail.
Can this be set up in HIPS to record the URL or to at least pop on these events?
HIPS cannot be setup to perform this request.
I know there are HIPS rules you can configure GET requests,These are for Host IPS signatures on IIS & Apache server GET requests; not client outbound HTTP GET requests.
I have to ask because the DNS Blocking hits are not reported centrally.
Hmmm....this seems difficult to knock out.....or is it impossible?
HIPS may not be the right tool for the job, I think.
But HIPS does do packet captures
Using the Capture feature in Host Intrusion Prevention (Host IPS) creates a file on the local computer when a Host IPS signature is triggered. This file is named Firepacket#.cap (where # represents a number appended to the filename).
What are we supposed to do with those?
Those are only captured as part of the 19 network signatures. Our Host IPS product is primarily a tool to catch one program interfering with another through the use of APIs --- not packets. This is really the wrong tool for what you are doing.