Mangago is a site that lets users read famous mangas for free. The site is still in beta but has quite a large collection of Manga to choose from. However, owing to copyright restrictions and piracy claims, you may or may not be able to access the site from your location.
In this article, we’re going over a few fixes you can try out if Mangago is not working.
Try incognito mode
In case you haven’t already, try using the incognito mode on your browser when accessing Mangago. This mode turns off a lot of trackers that may be interfering with the site otherwise and restricting access.
Try using a VPN or a different one
Another common reason you might not be able to access Mangago in your location could be that your country has flat out banned the site. In such cases, using a VPN set to a server location where the site is still accessible is your best bet.
It’s also possible that the server your VPN is pinging is causing issues with Mangago. Try a different VPN and see if that solves the issue.
Disable your VPN
On the flip side, at times, using a VPN can also restrict your access to the site. If Mangago is accessible without a VPN in your location, we suggest disabling your VPN when accessing the site. However, if the site is banned in your location, try changing servers to different locations until you find one that works.
Reset your browser
Resetting your browser can help get of seemingly random issues that you might be experiencing while visiting sites.
Step 1: Head over to chrome://settings/reset. Click on Restore settings to their original defaults.
Step 2: Chrome will show you a warning prompt. Click on Reset Settings, and your browser will reset to default settings.
Clear your cache
Corrupt files in the cache can cause problems with several sites, including Mangago. Try clearing your browser’s cache to check if you can access the site.
Step 1: Type chrome://settings/clearBrowserData in your browser’s address bar and hit Enter.
Step 2: Select the cache and cookies options and make sure the Time range is set to All time. Click on the Clear now button to clear out all the data.
Reinstall your browser
Finally, if nothing else works, you can try reinstalling your browser from scratch to check if the issue gets resolved.
Step 1: Press Windows Key + X to open the Quick Access menu and click on Apps & Features.
Step 2: Find Chrome in the list of apps and use the Uninstall button to remove the browser.
An inside look at Mangago’s ad fraud scheme
Ad fraud goes beyond bots watching ads. Today, fraudsters are coming up with more sophisticated schemes to steal from advertisers. To illustrate this point, we’ll explain how mangago[.]me—an anime site with adult and often pirated content—made advertisers believe they were showing ads on brand-safe lifestyle magazine sites.
Mangago seems to have deployed context spoofing, which uses redirected domain and page content to increase the cost per thousand impressions (CPM) value of their ad placements.
Mangago’s exposed scheme reflects increasing ad fraud sophistication and highlights the risk of using a single category to determine if a site is valid, appropriate, and safe. In this case, Mangago seems to be taking advantage of advertisers that rely on a page URL to make bidding decisions and cannot identify context spoofing easily. Oracle Moat identified this ad fraud scheme and is publicly sharing this information to help mitigate ad fraud and to reinforce digital advertising best practices.
An ad fraud setup like Mangago’s scheme
The operation uses five domains. This includes one “real” site, three “fake” sites, and one domain for image storage:
- Mangago[.]me: The “real” website that provides free manga comics
- mnggo[.]net: The fake lifestyle magazine titled “newfashion”
- lady-first[.]me: The fake lifestyle magazine titled “ladyfirst”
- fashionlib[.]net: The fake lifestyle magazine titled “lifestyle”
- mangapicgallery[.]com: The domain used to store the manga comics images
Mangago is the real manga website. When mangago[.]me visitors click on an image or button to begin reading what they think are free comics, they are automatically redirected to one of the fake lifestyle sites.
For site visitors, it looks like they are still on mangago[.]me. But they are actually on a fake lifestyle URL with ads loading. Any automatic context recognition using the URL or page content will fool advertisers into thinking people are viewing their ads on legitimate lifestyle magazines.
The ad fraud framework
Let’s break down how some ad fraudsters do it. Each of the fake sites has two types of pages. First, the seemingly legitimate lifestyle articles usually have “/article/” in their URLs. If a reader tries to access one of these pages, they will see a lifestyle article that doesn’t raise suspicion at first glance.
The second page type has URLs related to the scheme. Usually, these pages contain “/c/” and are in the format of https://www.mnggo[.]net/c/31989/412733/1/, which loads a comic and changes the URL to seem like an article page.
The fake content and articles are duplicated across all three fake domains. By simply changing the domain and keeping the URL suffix, we get the same article on each site. And no bots are used in this process (see Figure 1).
Behind the scenes
A comic reader browsing on mangago[.]me clicks on “Start Reading” to check out an online comic. At this point a new tab opens on mangago[.]me domain and gets HTTP 301 “Moved Permanently” response. The browser then automatically redirects to the “location” specified in the response. This redirection is done only when the server gets the request with the “referrer: https://www.mangago[.]me/” HTTP header.
The ability to change the page URL without reloading new content is enabled by the History API and is supported by all major browsers. It is a key feature for enabling single-page applications on the web.
<pLike many other legitimate browser features that enable the richness and diversity of the Internet as we know it, the History API is a double-edged sword that can also cause harm and defraud advertisers. In this case, due to the History API, one cannot trust the path part of the URL to represent the true context of an ad.
The same comic is available on all three sites with the same content. The comic images are stored on a fifth domain named mangapicgallery[.]com. The image links are encrypted and stored on the client side, and are decrypted after the page loads.
The ads are being served using the header bidding prebid.js framework, which enables the browser choosing the ad with the highest bidding price across multiple partners. As we can see in the prebid requests, the URLs in the requests are the spoofed ones, tricking the ecosystem into believing that the ad will be served on a lifestyle blog rather than on mangago[.]me.
Domain vs. context ad spoofing
A common ad fraud scheme is misrepresenting ad impressions through domain spoofing. This is when a seller claims to have ads for sale on, say, Publisher X—and then uses a bot to generate views of this ad slot with the faked domain. These ads don’t appear on the real domain at all, and the fraudster pockets the profits of the faked impressions.
This is possible because bots can spoof their domain information, and the programmatic supply chain is vulnerable to this type of attack. Advanced bot detection, ads.txt and the SupplyChain object have done a great deal to make this sort of attack more difficult. But until we have widespread adoption of ads.cert the possibility of domain spoofing persists.
For context spoofing, the domains are all real and, in this case, owned by the same operator. The viewers are humans and not bots. Ads.txt, SupplyChain object, and even a cryptographic signature thru ads.cert do not stop this type of ad fraud because the lifestyle URL is real and is verifiable. As an example, lady-first[.]me has a seemingly legitimate site with a valid ads.txt file.
So unlike other “domain spoofing” bots we’ve uncovered, context spoofing does not require bots to be detected, and the inventory is not spoofed.
Fighting ad fraud
The online advertising ecosystem is complex, and every piece of information used to bid on and purchase digital ads is at risk for spoofing and fraud. Oracle Moat provides advertisers with sophisticated invalid traffic (IVT) detection to help protect their digital investments from ad fraud schemes—ranging from automated bots to domain misdirection and context spoofing.
And the Media Rating Council (MRC) has accredited our detection and filtration methodology for desktop, mobile web and, mobile in-app environments.
We continue to support the adoption of standards including ads.cert to address gaps in trust in the ads ecosystem. Additionally, we also stress the importance of independent, accredited third-party measurement as an additional safeguard.