That's a fragile solution at best. One update could change the IP/hosts of the data harvesting servers.
Surely the data will be transmitted using TLS or equivalent; HTTP logging won't do you much good unless you can (a) MITM the TLS setup, or (b) extract the keys that the spyware is using.