Llivesex com datingbuffalo com
Using one of the Googlebot emulators like File Viewer you MAY see something like this in the code for the page - In some of the latest versions of this hack the hackers have "cloaked/hidden" the block of spam from Googlebot emulators, looks like they are now authenticating Googlebot.
If the emulators like File Viewer do not show anything you should use the Fetch as Googlebot utility in Webmaster Tools to fetch the URL then carefully scan through the code returned for any spam.
Note: This is a fairly comprehensive article covering most CMS.
In most cases a web server is going to be configured to serve a default file if no filename is specified in the request.
The default file(s) to be served can be user configured with something like this being common.
Based on the configuration the file is going to be served first so the requester gets the spam page.
These spam hacks are real common on WP sites and sites hosted on IIS 6.0.
On Word Press sites the file is modified by adding the following lines - The "png" files contained some php code which inserted some on-line gambling spam links if the user agent in the request was Googlebot.