Looking at the log, it was easy to see that the compromised website attempted to execute an API hooking type of attack, which was made against a non-executable zone protected by the direct inspection ...