Jump to content

Malware Detected, Google Ads Disapproved

Recommended Posts

Site URL: http://www.malvine.eu

Google Ads has flagged all of my ads, claiming that 'malicious software' exists on the site. My website doesn't use any custom code or third party plug-ins. It's a simple e-commerce website using the Hyde template.

Google support have given me particular links which they have found unsafe content on:

They told me they cannot "elaborate or provide exact information on the detected links."

There are no errors on Google Search Console or any of the third party malware scans that I've ran on the site.

Does anyone have any experience with this and would be able to help me solve this issue?

Edited by marisrutkis
Link to comment
  • 2 months later...

Site URL: https://secondchanceagency.com/

Hi all,

We can't run google ads to our website due it flagging for malware. I have reported this to Google and asked them to highlight which files are causing the problem but due to Covid limitations on their services they haven't got back to me.

Could you please advise the best way of detecting and removing the malware and taking steps to ensure this doesn't happen again?


Link to comment
  • 2 weeks later...

Hi Guys,

I am still getting these ads rejected. I got the following message from Google;


Hi Conor,

Greetings from Ads. Hope you are doing good.

Please accept my sincere apologies for the delayed response. In this time of COVID-19, we hope everyone in your family and friends are safe.

Summary: Links for malicious content on domain.

Query: Ads Disapproved under Ads Account: 6891266166.

InvestigationPost receiving your request, I have re-scan on your account, please find their observation below.

The latest scan from your website came back, and  detects still Malicious links are present on the website which are potentially harmful to you and your site visitors. Below are the links that we have detected.



  • ‘imggmi[.]com 


Here are the few affected URL's:

1) https[:]//secondchanceagency[.]com/

2) https[:]//secondchanceagency[.]com/academy-futureproof

3) https[:]//www.secondchanceagency[.]com/about/

Please respond to this email after making the suggested changes with the help of a web developer so that I can get the website re-scanned on priority for you.

Note: Please note that as a precautionary health measure for our support specialists in light of COVID-19, we are operating with a limited team. Thanks for your patience, as it may take longer than usual to reply/process.

Google Ads Team

NB: If you need to reference this support ticket in the future, the ID number is 2-8156000030657

Can someone help??


Link to comment
  • 2 months later...
  • 3 weeks later...

This is a very frustrating situation not least because Google is very hands-off when it comes to telling you what the problem is and that even when you speak to Google Ads a support technician might be able to tell you everything is all fine and then the robot comes back and finds the error.

We have had a situation like this before and it was actually due to a third-party code that was running on a website that Google had deemed to contain code that could be used for unhealthy purposes.

IE It was nothing to do with the ads at all.

Therefore in this situation the first thing I would advise you to do is stop all third-party codes from running on your website. Google code will not be a problem. After you have done this, request a review of your ads and see if that fixes it. If it does, then you can find ways of re-adding the codes one by one back into your pages.

You might also check to see whether you are running any out of date libraries, for example JQUERY updated quite recently and I know that this caused a number of wordpress websites to go offline.

Frustrating, I know, but you should be able to fix it.


We provide digital marketing services for businesses that need exposure/sales from search and social media networks. We also build incredibly fast and well optimised multi-language Square Space websites.
Digital Marketing | Marketing Digitale

Link to comment
  • 7 months later...

Site URL: https://www.abandonedbuildingbrewery.com/home

We're trying to run Local Ads on Google Ads and our ads are not able to be approved because of malicious software.

We have no scripts running. 

We have contacted Squarespace Support who sent us an article about how Google issues warnings regarding unexpected behavior. This is not a warning.

There are no errors or security issues in Google Search Console.

Please see the email below from Google:



Thank you for patiently waiting. I hope this email finds you in good health. 
I am writing this email in regards to apprise you with the real time status of the ads disapproved for Malicious software in your Google Ads account CID 896-346-2349
I have received a response from the appropriate team and as a conclusion the team has stated that the ads in your Google Ads account are in scope with the policy for Malicious software.


The team has shared that the links are still present on the website and I've shared the infected links on your website below I would suggest you to get in touch with your web developer. In order to fix these links once the links are fixed we'll be able to reach out to the team and get the ads reviewed again. 

The infected links are:

Check the status of your site in the Google Search Console. If the scans are clean, reply with the un-cropped screenshot of the scan for us to enable the ads.

About the Malicious or unwanted software

  • Malicious software or "malware" that may harm or gain unauthorized access to a computer, device, or network is not allowed. Examples: Computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and other malicious programs or apps.
  • Ads or destinations that violate Google's Unwanted Software policy is not allowed.

Hope this helps. If there is anything that you require assistance with, I am just an email away.

Have a nice day.





Please help!

Link to comment

UPDATE (Email from Google)


Clarification : 

I would request you to run a sweep on your website and remove the Malware with the help of your website designer, so that we can get the website approved for Advertising and you can continue to run your ads. I understand this might seem trivial, however, it would help tremendously if you could take this to your web master/developer and have either these malicious elements removed or replaced since they're causing your website to get pulled up.

For your convenience, I am sharing the link to the Malware that needs be cleaned from the Website:

Once the Malware is cleaned from your website you can submit the Ad/Website for review by hovering over the disapproved ad and look for the “appeal” link to see if you’re eligible. You’ll also be able to track the status of your appeal in Policy Manager Appeal History. For more details, please feel free to refer to this Help Center article as well. 

Link to comment
  • 4 weeks later...

@Tiger_Thomas - did this issue get solved by Squarespace? Or how did you get around it?

I have the excact same issue, and the Squarespace Support can't seem to solve it for me.

Sadly that means, that I'm currently not able to advertise for my webpage, which is catastrohical.

Link to comment
  • 2 months later...

Having the same issue here. This was Squarespace's response,

"Thank you for reporting this. I can confirm this is related to an issue with these internal URLs being flagged as malicious by Google on our end. We’ve reported this to our Engineering team, and they’re currently prioritizing the issue.
Please keep in mind that there are many moving parts we need to address before we roll out a solution. We thoroughly test all fixes before they’re released.
As a result, we can’t guarantee how long it will take to fix issues like the one affecting your site. Also, because of the volume of reports we receive, we can’t always follow up personally when the issue is resolved.
That being said, customer bug reports are an important part of how we continue to improve our platform. If you come across any other unusual behavior, please let us know."

Link to comment
  • 2 months later...

I just flagged the same issue. So looks as if this has been at least a problem from September 2021. I received the same response saying they are working on it. Sadly my client can not wait for another 5 months to be able to run google ads so I'm going to have to move their website onto another platform at my cost. Pretty big issue, should be resolved by now.

Link to comment
  • 2 weeks later...

I have had this exact problem not on SquareSpace but I can tell you what it relates to. There will be  library or a piece of code that is being used by SquareSpace that is redundant and has a security risk. This security risk is responded to by the Google bot with the email you get.

The only people that can fix this, and I assume that this is code controlled exclusively by SquareSpace, is for them to audit the code and check to see that the libraries the code uses are up to date. This is the only solution.

We had a very annoying situation where our Google Ads went offline, and everytime we attempted to find the problem and resubmit the ads they got disapproved again. In the end a third-party Supplier confirmed to us that they were aware that their code was causing problems and were trying to fix it.

I am not familiar with the problem you are experiencing but I do know how frustrating it is, and the steps that need to be taken are those as described.

Fingers crossed for you all.


We provide digital marketing services for businesses that need exposure/sales from search and social media networks. We also build incredibly fast and well optimised multi-language Square Space websites.
Digital Marketing | Marketing Digitale

Link to comment
  • 1 month later...

Hi @Tiger_Thomas,

Following are the Possible Causes for a Disapproved Google Ad 

  • Outgoing URLs on the landing page are using HTTP when the landing page is secure over HTTPS (learn more about enabling a secure domain within our documentation: Securing your Domains with SSL).
  • You don’t have a page published to the root of your domain/subdomain. Eg. test.domain.com/page-1 has a page but test.domain.com is blank.
  • Images are hosted on software that Google Ads doesn’t approve, such as unsupported image files or formats. Try changing the image formats to more recognized formats, like .ico, .png, .jpg, etc.
  • There are redirects on the landing page domain or page URL.
  • WordPress plugin(s) is deemed malicious by Google.
  • Custom scripts added to the landing page are referencing external content deemed malicious by Google.
  • You have included automatic downloads on the landing page. According to Google's Unwanted Software Policy, “download of [a] software should only begin when the user has consented to the download by clicking on a clearly-labeled download button." 
  • You have included form fields that prompt the visitor to submit sensitive information. According to Google's Unwanted Software Policy, "software must not collect sensitive information such as banking details without proper encryption."
  • Misrepresentation of the expected content. Here are some examples provided by their documentation:
    • “An ad that only contains the words 'Download' or 'Play' without identifying the software it advertises for."
    • "A "Play" button that leads to a download."
    • An ad that mimics or copies the design of another publisher's site to entice visitors, but contains malicious content or unrelated software instead.
  • Sometimes, a browser will automatically search for a favicon on your landing page. A favicon is an icon image or tab icon that’s associated with your website. If your browser does not detect a favicon installed on your page, this can return a 404 error within the browser console, and Google Ads may flag this 404 as malicious.

    To remedy this, you can install a favicon across your landing pages:
    If you’re working with the Classic Builder, see adding a favicon. If you’re building a page with Smart Builder, see how to update your page metadata, including uploading a favicon.

    Or, if you don’t wish to install a favicon, you can add this tag to the Head of your page to stop browsers from requesting a favicon:

    <link rel="icon" href="data:;base64,iVBORw0KGgo=">
    Learn more about adding custom scripts here: Adding Custom Scripts and CSS in the Classic Builder.

And Please also go through the following screenshot


Connect with me for further discussion.


Link to comment
  • 1 month later...
  • 2 weeks later...

Site URL: https://swellphysiopilates.com.au

Not long after my site was created I ran a Google Ad, and Google detected malicious software and circumventing systems within my site. The site appears to function well. Squarespace said it is a known problem but they do not have a fix and do not have an estimate for when a fix will be available. My web developer said it's a problem on Squarespace's end. 

Does anyone have information about this?

Link to comment
  • 1 month later...
  • 1 month later...
  • 2 months later...

I'm experiencing this with a client as well. The Ads were running just fine for 6 months, then out of nowhere, Google flagged everything for "malicious software" and "circumnavigating systems".

Doesn't appear Squarespace has done anything to address this issue, so I'm just adding another plea to the thread.

Link to comment
  • 3 months later...

I have the same issue where my site is being flagged for "Malicious Software" and "Circumventing Systems" after not having issues for weeks.

At this point I am considering taking my site off of square space. I reached out to the chat and received the same response from squarespace, word for word, about how the engineers are working on it but no time frame can be given because its a complex problem.

Considering the proportion of squarespace users who are small business owners that rely on google ads for digital marketing you would think it would make it out of their backlog as a priority item. Google is not blameless in as they really take having a "black box" system with nearly no visibility to a new level.

Considering how both organizations have so much "interoperability" documented between the systems it should not take 3 years to address.

Disappointed to say the least. Hopefully I'll have better luck with Wix.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.