All things Shopify and commerce
Google disapproved all our ads due to a bad link.
Can't seem to find it anywhere in our shop code and etc.
Anyone able to help with this?
Investigation:
Solved! Go to the solution
This is an accepted solution.
Hi! I wanted to share that this issue has been addressed.
Please note however that you must manually remove any references to polyfill.io in your theme.
I'm going to mark this as the solution to aid with awareness - thanks again all for your feedback on this as well!
TyW | Online Community Manager @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
That could be many things
I was referred here by the shopify help chat to post about this haha.
As they said they can't access the codes or something.
Hi @4rwino
To comply with Google Ads policies, ensure your website is free from malicious software, dangerous products, and phishing
Check your Google Ads account for disapproved ads details, identify unsafe domains, and use tools like Screaming Frog or SEMrush to scan and remove any problematic links
I trust the information above will prove helpful in resolving your issue 😊
We tried but can't seem to find the code /. domain name.
googie- anaiytics[.]. com
the badlink identified by google was the above. (i spaced it out as shopify is preventing me from posting
That's so bizarre, our client's Shopify store started getting this issue too a few days ago.
We've having the same exact issue with the same exact bad domain!
Hello
Hope you are well
Im experiencing the same issue with google ads are you familiar with how to delete this?
Can you forward me the whatever google sent to my DM or email? Once I get that I can check what exactly did Google Ads say to you to cause that issue.
Have dropped you an email to Taknify as we can't send the link google sent us
have you run the site through Screaming Frog?
Whet extensions you have installed on your shop and what template you are using?
We have the same issue on our shop and google ads account from last 4 days and we are trying to figure out what is generating this problems
Hi there,
we use Lorenza Theme.
Avis Product Options,
Bloom
Pop Convert
Did you manage to resolve it?
Hello,
I use - Warehouse template. And do not have any extensions you mentioned above.
We scanned the website, check the codes of templates we have all in GIT versioned and we did not find anything related to this domain:
googie- anaiytics[.]
We sent the information back to security team and waiting for their answer. Apealed throught Google ADS where denied.
Do you think we need to check with our domain hosting?
I thinkg we found solution and the reason why google is seeing website:
https://safeweb.norton.com/report?url=
Type in url= your website and check if is marked as Caution or Warning.
Our website is norton rating caution - we wrote email to Norton to ask them for details. But it seems that can be the problem.
Ours came up as safe. And it came out safe with other scanners too! Its so weird. Google said our landing page is affected by an unsafe domain - googie anaiytics . com
Cant find that anywhere on our pages!
yes, mine came up as safe as well. and I'm facing the exact same issue as you haha.
15 june was the day our google ads got disapproved
I only realised ours was disapproved on 16th of June, it must've stopped around the same time. And we're both on Shopify. I wonder if theres a bug or something.
Our got stopped also : 15th/16th .
We oparate with our activities in many countries and we saw that the first blocked sites where located in Nigeria.
Do you guys operate in any exotic countires?
Maybe its related with GEO region or sth. But its very strage - maybe there is any security issue on shopify?
I'm not too sure. but we don't operate in any exotic countries.
Was wondering If it could be godaddy?
Still waiting for google ads to get back to us as I told them we can't locate the badlink... 😕
We also send google reposnd we do not see anything on our side. And till tomorrow they should respond.
We have been waiting for their response for about 2 days. We informed them that we can't locate the googie domain haha.
Haven't heard back from them.
Any luck on your end?
I got respond from them that maliousi links still exists.
There are only 2 scripts i Have on websites they pointed to 3rd party ADS systems - Kelkko and Microsoft ADS.
My client's site only operates in the United States and shows up as Safe in the Norton scan. Still waiting on a response from Google. Shopify support suggested to me that it could be GoDaddy as well, which does control our domain name, but our nameservers are Shopify's nameservers.
Anyone has any luck with this? Google is taking forever to reply us.
Hello there, we supported some customers with the same problem. It is caused by a malicious code injection. If the problem still persists, you can send me an email and share store admin access so I can have a look.
@hoaranel can you share details here what the malicious code is, how it's getting injected? Useful for the community.
I am @hoaranel but somehow I cannot login into my account. Anyways the issue is with polyfill. Defintely not a false positive. Remove it as soon as possible.
Hey guys, just an update.
Had the shopify internal team that helped us. But we don't know if it will work.
Hi team,
This is John from Shopify Partner Support, this appears to be a false positive result from Google Ads Support flagging the url "googie-a. naiytics[.]. com".
We have searched through your website and found no reference to this url anywhere at this time. I have written up some steps below for you to follow before requesting a Manual Review(please see the last note on how to request that) from Google Ads support as that usually resolves this kind of issue when no malware or injected scripts or redirections to url's can be found or detected by our logs.
Remove Chrome Extensions
Remove any Chrome Extensions that you have recently added to your browser. They can be the source of these kinds of issues and if you do not recognise the developer it is safer to remove the Chrome Extension before requesting a review from Google. This should be done for every member of staff that accesses your Shopify Admin.
Transparency Reporting Tool
You can run each of those links through Google's own Transparency reporting tool and that will show there is no malicious links detected on any of those links.
Out of Date: App References
There doesn't seem to be any apps currently that have been removed from the App store in your list of apps. However you could make sure to uninstall any apps that are no longer in use or have never been set up to avoid any potential issues with domain expirations
Out of Date: Custom Apps
If you have any Custom Apps you should make sure that they are up to date in case they generate any malicious urls.
Cached Results.
To help with Google Ads review process try re-submitting your Sitemap to Google's Search Console. This will help with stopping their automated systems from checking against Cached results. This will also update any of the links that are include @WPM. All links related to that are expected links but they have been set to Non-indexed and should not be flagged by Google. Re-submitting your sitemap will update that
Updating Theme.
Updating your theme file can also help with the Automated review process, If it is possible to update your theme.
Manual Review
Once you have made any changes (clearing up old out of date app[app store or custom apps] references from your code, submitting sitemap or updating your theme file you can reach out directly to Google Support using a form (shopify team sent me) to request a Manual review if the Automated review process keeps flagging your store.
GUys, check this out:
https://forum.squarespace.com/topic/306234-google-ads-says-my-site-is-affected-by-an-unsafe-domain/
Hello there, we encountered the same problem. It is caused by a compromised library, polyfill. You will need to remove all instances of polyfill in your website for it to work normally.
I have polyfill in my themes so maybe this is a reason.
so everyone on this thread that has this issue is for one reason or another using polyfill? that would make sense
We need to confirm that.
We are deleting it now from all of sites and submit for verification.
What are you deleting? Is there a specific script, theme or app that is injecting this? How did you find it?
We have all code on git synchronized with shpoify so we are just searching for pollyfill .io CDN scripts and deleting them.
We keepp you updated, we clean up all pollyfill scrits and sent request to google for another manual review .
hello
hope you are well
I am experiencing the same issue- who is helping you delete this as I have no idea how to do it?
We updated the theme to the latest version the other day, then changed the main domain to the shopify one(i didnt have the patience!)
Will try this one too. I realised some of the apps are now missing once we updated the theme.
Hello,
We have the same issue on our shopify stores and found that this issue is spreading in more discussions on other popular forums:
https://moz.com/community/q/topic/72055/website-is-flagged-as-compromised-site-by-google/3
THis is is interesting also from twitter , about 2 months ago:
Seems its still unresolved despite Cloudflare knowing this issue. Maybe we should send Cloudflare/Godaddy a mass complain about this. It cant be a coincidence.
Definitly. We already send complan to GoDaddy, CLoudflare, Norton.
In norton they respond quickly and marked the site Suspisions - so the more people will complain the faster it will be blocked throught DNS / Domain Provider.
I see people recommending for months to remove all instances or pollyfill since before the company was sold. why not just remove polyfill and be done with it?
Anyone got sucess after removing pollyfill ?? , we went throught automated apeal but stil rejected.
Waiting now for manual review maybe its cache related problem.
If you are sure that your site is free of polyfill, you will need to escalate it to manager at google and ask them for a rescan, and you need to do it on weekday during business hour. Otherwise they just keep rejecting without ever reviewing your site again. I waisted days arguing with their support.
Cloudflare had noticed some problem with the polyfill and offered an alterantive already, but it is not nearly as popular.
After manuall request still they see the site is compromised, anyone of you guys have successs?
I've been in this same boat, but with Wordpress. Removing Polyfill did nothing. I'm down to 1 stylesheet and a handful of js files, google fonts, and gtag. I'm going to try to localize everything and reduce it to 1 css, 1 javascript. At that point if the database is clear and the files are clear, I'm at a total loss.
If the websites were blocked at the same time around July 15 and there was a discussion here where certainly not everyone was able to track it down, there is definitely some common denominator that connects all these matters.
It may be the pollyfill library or something else.
I think that the idea of elimination is absolutely fine, but it would be best to gain access to a tool that can show us that a given link is actually being accessed.
2m ago Learn the essential skills to navigate the Shopify admin with confidence. T...
By Shopify Feb 12, 2025Learn how to expand your operations internationally with Shopify Academy’s learning path...
By Shopify Feb 4, 2025Hey Community, happy February! Looking back to January, we kicked off the year with 8....
By JasonH Feb 3, 2025