I worked for a company who had this happen to an internal development domain, not exposed to the public internet. (We were doing security research on our own software, so we had a pentest payload hosted on one of those domains as part of a reproduction case for a vulnerability we were developing a fix for.)

Our lawyers spoke to Google's lawyers privately, and our domains got added to a whitelist at Google.