
Website Cloaking

When a website is hacked, the attacker may add code that “cloaks” the malicious code whenever a user-agent of 'Googlebot' is specified.
This means that the website is still crawled and indexed and still appears in Google search results; however, when a 'normal' user loads the website, they are presented with a more malicious site.

You can check a site for this by hashing the response with md5sum while specifying different user-agents, as in the examples below:

No user-agent specified:

$ curl -s lukeslinux.com | md5sum
cd2e0e43980a00fb6a2742d3afd803b8  -

Now we specify a random user-agent:

$ curl -s lukeslinux.com -A 'randomstring' | md5sum
cd2e0e43980a00fb6a2742d3afd803b8  -

Now we specify Googlebot as the user-agent. The example below shows a different MD5 sum, meaning different content is presented to the Google bot to 'cloak' the real nature of the website:

$ curl -s lukeslinux.com -A 'Googlebot' | md5sum
803771c199cb89c06e563f8cf3bfda0c  -
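
The same comparison as a reusable script, added here as an example (it is not part of the original page; the function names are made up for it). It fetches the page twice with the default user-agent first, because a page with per-request content such as timestamps or tokens hashes differently on every request whether or not it is cloaked.

```shell
#!/bin/sh
# Added example: compare page-body hashes across user-agents.
# Usage: sh thisfile.sh <url>

# Hash the body returned for one user-agent (empty = curl's default).
fetch_hash() {
    if [ -n "$2" ]; then
        curl -s -A "$2" "$1" | md5sum | cut -d' ' -f1
    else
        curl -s "$1" | md5sum | cut -d' ' -f1
    fi
}

# Read "label<TAB>hash" lines on stdin; the first line is the baseline.
# Print the label of each line whose hash differs from the baseline and
# return 1 if any differ, 0 if all match.
diff_hashes() {
    awk -F'\t' 'BEGIN { bad = 0 }
                NR == 1 { base = $2; next }
                $2 != base { print $1; bad = 1 }
                END { exit bad }'
}

# Returns 0 = all user-agents got the same body, 1 = at least one differs,
# 2 = page changes between identical requests, so hashes prove nothing.
check_cloaking() {
    first=$(fetch_hash "$1" "")
    second=$(fetch_hash "$1" "")
    if [ "$first" != "$second" ]; then
        echo "body differs between identical requests; inconclusive" >&2
        return 2
    fi
    {
        printf 'default\t%s\n' "$first"
        printf 'randomstring\t%s\n' "$(fetch_hash "$1" randomstring)"
        printf 'Googlebot\t%s\n' "$(fetch_hash "$1" Googlebot)"
    } | diff_hashes
}

# Only touch the network when a URL is given on the command line.
if [ "$#" -gt 0 ]; then
    check_cloaking "$1"
fi
```

Matching hashes do not rule out cloaking that keys on the client's source IP or the Referer header rather than on the User-Agent header.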

website_cloaking.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1