Well seen from the past and further IDS alerts the java malcode came via a *.tk domain, clearly hostile
probably we would have found a “ET CURRENT_EVENTS HTTP Request to a *.tk domain” alert…just my likely speculation.

NoScript is a known script blocker add-on/extension for the firefox browser. For Google Chrome use ScriptSafe extension with Better PoP Up Blocker extension,

polonus