Hello octalmage,
I am not using RevSlider, neither is my theme referencing it (at least from what I am aware).
I don't have the RevSlider plugin, I've searched through all the files for RevSlider references (TotalCommander, find text feature) as well as all the web server logs to see if anyone called a URL that had to do with RevSlider. I couldn't find anything related to RevSlider.
My guess at the moment (shot in the dark) is that the website might been have a malicious cron job, since this triggers every 2~ days. I've used WP Crontrol to view all the scheduled cron jobs but nothing looked suspicious since there was nothing that was running every 2 days.