I saw it too, in both Firefox and Chrome, but then it quit when I started trying to pinpoint the source. Then I got pulled away and couldn't post my findings, but I'm back now.
It could have been a DNS hijack on the domain of one of the included JavaScripts, which could explain why nothing showed in the jpsoft.com logs.
In case it helps, it was a popunder that initially went to "http://s1w. us/sketchytest2" (space added to purposely break the link because it still does its thing), which then forwards through a couple iterations of Google search looking URLs, and ultimately landing at shoemoney .com (space added again).
It's no big surprise that ShoeMoney is a money making scheme, and a search for the words "shoemoney scam" results in a plethora of hits on the subject. Who'da thunk, being scammed by the site that's supposed to help you scam others.