This is something interesting. Try going to http://www.circaventures.com/. You will get a venture capital company.
Now go to Google and search "Circa Ventures". The first result you get is the exact same domain, but the description is "medical website". Click it and you get to the same domain, but now a medical drug website is shown at exactly the same domain!
One can of course see the previous website visited and accordingly force display of the other website, but why? Is this an SEO experiment? Or am I missing something? Other possible reasons?
This is obviously a spamming or scamming site, either set up on purpose or a hacked legitimate site. If visited without a Referer header it will show some seemingly innocent site:
    $ curl http://www.circaventures.com
    ...
    <title>Circa Ventures | helping you close the loop</title>
If visited with a Referer from a search engine it will show spam:
    $ curl -H "Referer: https://www.google.com/" http://www.circaventures.com
    <frameset rows="*,0" framespacing="0" border="0" frameborder="NO">^M
    <frame src="http://mantrshopo.com/redirect.php?z=cialis" noresize="" scrolling="auto">^M
    </frameset>
This seems to work for any Referer which contains Bing, Google, Yahoo or similar, i.e. even when using https://this-site-is-not-yahoo/ as Referer. Using a different Referer like https://this-site-is-not-stackoverflow/ instead will result in the seemingly innocent site.
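The curl comparison above can be automated when checking a site you operate for this kind of Referer cloaking. The following is an added example, not part of the original answers: it fetches a page with no Referer and with several probe Referers, then reports any probe whose title or framed external hosts differ from the baseline. `fake_fetch`, `victim.example` and `spam-shop.example` are constructed stand-ins so the check runs offline.

```python
import re
import urllib.request
from urllib.parse import urlparse

# Referers to try; the last one is a control that should match the baseline.
PROBES = ["https://www.google.com/", "https://www.bing.com/",
          "https://this-site-is-not-yahoo/", "https://this-site-is-not-stackoverflow/"]

def http_fetch(url, referer=None):
    """Fetch url like `curl [-H 'Referer: ...'] url` and return the body as text."""
    req = urllib.request.Request(url, headers={"Referer": referer} if referer else {})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def fingerprint(html, own_host):
    """Reduce a page to (title, set of external hosts it frames)."""
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    title = m.group(1).strip() if m else None
    srcs = re.findall(r"<i?frame\b[^>]*\bsrc=[\"']?([^\"'\s>]+)", html, re.I)
    hosts = {urlparse(s).hostname for s in srcs}
    return title, {h for h in hosts if h and h != own_host}

def detect_cloaking(url, fetch=http_fetch, probes=PROBES):
    """Map each probe Referer whose page differs from the no-Referer baseline
    to the external hosts that only appear in the probed response."""
    own = urlparse(url).hostname
    base = fingerprint(fetch(url), own)
    findings = {}
    for ref in probes:
        fp = fingerprint(fetch(url, ref), own)
        if fp != base:
            findings[ref] = sorted(fp[1] - base[1])
    return findings

# Constructed stand-in for a compromised server, so the demo runs offline.
def fake_fetch(url, referer=None):
    if referer and re.search(r"google|bing|yahoo", referer, re.I):
        return ('<frameset rows="*,0">'
                '<frame src="http://spam-shop.example/redirect.php?z=x"></frameset>')
    return "<title>Example Ventures</title><p>seemingly innocent page</p>"

if __name__ == "__main__":
    hits = detect_cloaking("http://www.victim.example/", fake_fetch)
    for ref, hosts in hits.items():
        print(f"content changes for Referer {ref!r}; new framed hosts: {hosts}")
```

Calling `detect_cloaking(url)` without the `fetch` argument uses `http_fetch` and sends real requests.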
As Steffen Ullrich has said, the reason for displaying a different website is a different Referer header; the underlying server was compromised and configured to show different content based on the header (e.g. using mod_rewrite on Apache, similar to how you'd forbid image hotlinking). When Referer is www.google.com it uses the circaventures.com as a mask for mantrshopo.com (notice how all the links on the fake circaventures.com lead to
probably most certainly sells fake medicine, as its About page is written in pretty bad English, domain is registered in Hong Kong to Clara Iglesias with address in Kamloops (a town in British Columbia, Canada), Albania, with a Hong Kong phone listed, and is served through a proxy in the Netherlands. That name/email is listed as a registrar for two more domains, itashopo.com, one served from the Netherlands and the other from Russia. All of them aren't working when accessed directly using IP, i.e. it just displays "This shop not installed" message. It seems that previously a different scam pharmacy was served through the itashopo.com's current IP address, septsahopo.com, this one registered to a Russian named Stepan Bandera (also a Ukrainian political activist/nationalist from WW2) which has a slew of other domains registered to him (search by email, by name).
So it seems you stumbled upon a chain of scamming websites. Stay away from it.