When a website is hacked, the hacker may implement some code into the mix that will “cloak” the bad coded when a user-agent of 'Googlebot' is specified.
This would mean that the website is still crawled/indexed and will still appear on google search however when a 'normal' user loads the website, they are presented with a more malicious site
You can check the site using MD5 and specifying different user-agents such as the examples below:
No user-agent specified:
$ curl -s lukeslinux.com | md5sum cd2e0e43980a00fb6a2742d3afd803b8 -Now we specify a random useragent:
$ curl -s lukeslinux.com -A 'randomstring' | md5sum cd2e0e43980a00fb6a2742d3afd803b8 -Now we specify google as the useragent. The example below shows a random MD5 sum presented to the google bot to 'cloak' the real nature of the website:
$ curl -s lukeslinux.com -A 'Googlebot' | md5sum 803771c199cb89c06e563f8cf3bfda0c -