Hi Tricia,
The redirects are coming from malware injections into the hosted ads. Your site itself isn't compromised, but the ads displayed on your site are. This means the ad server company you have contracted with to host these ads is either compromised or they are knowingly allowing malicious ads to be served up to your website. I'm not sure that having a time stamp and IP address will help you get to the bottom of this (I hope it does, but have doubts) because you won't have access to the code that's serving up the ads, since those aren't part of your site code, they're placed by the third party ad company and hosted remotely by them. I also think since there are so many variations happening it's less a matter of one or two ads being malicious (and removing one or two ads solving the problem) and more that the entire delivery platform of your ad partner is completely compromised or complicit.