Oh yeah, you can totally see the malicious code at the very bottom of the HTML you pasted. That whole last block of JavaScript right before the end body tag. This part in particular is probably what caused your pop-up:
Code:
window.event;doOpen("http://helpcenterforall.bid/index/?MCPKV8")
You're right, it is really hard to get it to trigger. I was only able to get it using a fresh Edge browser once (subsequent visits didn't have it), but when I did get it, it had that same malicious JavaScript block as in your paste, causing this:
https://imgur.com/a/6ADUf
On the other loads, that JavaScript block doesn't appear.
Nice catch, thanks. I'll pass it along to management.