Itch.io, the popular indie game platform, briefly lost its domain for a few hours Monday morning after what it described as an AI-driven phishing report connected to Funko and BrandShield. The site returned by 7 am Eastern, but the incident showed how a complaint aimed at one page can escalate into a broader outage when registrars and automated systems are involved.
What happened to itch.io
According to itch.io management, the takedown began with a report sent to its registrar, iwantmyname. The platform said the report came from BrandShield, a brand protection company used by Funko of Funko Pop.
In a social media post, itch.io complained that Funko used an “AI Powered” brand protection system from BrandShield, which it said created a bogus phishing report. Itch.io said iwantmyname ignored its response and disabled the domain.
The effect was temporary but visible. The itch.io domain was unavailable for a few hours Monday morning, even though users could still reach the site by typing the itch.io IP address directly into a browser. That distinction matters: the service itself was not described as fully gone, but its domain access was disrupted.
The page behind the complaint
Itch.io founder Leaf “Leafo” Cohran later explained in a Hacker News comment that the complaint appeared to trace back to one user-created page. That user had “made a fan page for an existing Funko Pop video game (Funko Fusion), with links to the official site and screenshots of the game.”
That page triggered independent reports to itch.io’s host and registrar alleging “fraud and phishing” a few days before the outage. Cohran said the page was taken down immediately after the complaints arrived.
The key dispute is what happened after that removal. Cohran said he suspected the original complaint caused the registrar’s automated system to disable the domain because no one read itch.io’s confirmation that the content had been removed.
That sequence left itch.io in a difficult position. From the platform’s account, the specific page had already been addressed, yet the domain-level consequence still followed.
BrandShield’s explanation
BrandShield presented the incident differently in its own social media posts. The company said its “AI-driven platform” identified “an abuse of Funko… from an itch.io subdomain.”
BrandShield also said its takedown request targeted that subdomain, not all of itch.io. In its framing, the broader outage was not the action it requested.
“The temporary takedown of the website was a decision made by the service providers, not BrandShield or Funko.”
BrandShield’s website describes the company as a service that “detects and hunts online trademark infringement, counterfeit sales, and brand abuse across multiple platforms.” It also says the company has multiple Fortune 500 and FTSE100 companies on its client list.
Those details place the incident in a broader category of automated brand protection. Such systems are built to flag suspected abuse across the web, but this case shows the stakes when a report moves from a specific subdomain or page into the infrastructure that controls access to a whole platform.
Why the outage matters
The itch.io incident was brief, but it exposed a fragile part of the web. Domain registrars and DNS servers remain essential control points for online businesses. If the domain stops resolving correctly, many users experience that as the site being down, even when the underlying service can still be reached another way.
The source article connects this event to wider concerns about DNS reliability. Back in May, the desyncing of a single DNS root server could cause problems across the entire Internet. In 2012, Anonymous highlighted the potential for a coordinated attack to take down the entire DNS system.
The common thread is dependency. A web platform can operate normally in one layer while access fails in another. In this case, the practical problem was not only the original complaint, but the chain that followed: a brand protection report, a registrar process, a removed page, and a domain that still went offline.
For itch.io, the outage ended quickly. For other web-based businesses, the lesson is larger. Automated enforcement reports may be aimed at narrow targets, but when they interact with registrar systems, the consequences can become much broader than the disputed page itself.