Don't search for what I mentioned first, follow the advice in the page I linked. The actual site name it redirects to is almost certainly obfuscated using something like base64 encoding if it is in the PHP.

And as that page points out, it might not be in the PHP (though given its stateful behaviour, I guess that it probably is).