Radar / Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo blocked ✓
Source. May 19, 2026 weekly sync.
Ticket. CIV-44.
What we tested
A combination attack against Bet Saracen Arkansas (Radar):
- Oxylabs residential proxy — egress IP pointing to a residential address in Little Rock, AR.
- Location Guard browser extension — Chrome extension reporting a spoofed Little Rock, AR location to the Geolocation API.
Both layers were aligned to the same in-state Arkansas location, to test whether browser-level spoofing on top of network-level spoofing would defeat Radar's checks.
What happened
Detected as out-of-state. The platform returned a
STATE_NOT_ALLOWED error and refused the wager — despite both the IP
and the browser's reported geolocation pointing to a permitted
in-state address.
Why it matters
This is a genuine Radar positive — worth recording for parity. The existence of a residential-proxy signal beyond just the egress IP, or of a corroborating signal (Wi-Fi BSSID, traceroute, accelerometer, something) that survives a Location-Guard override, is meaningful.
However, this finding does not rewrite the Radar weaknesses column:
- The Location Guard extension alone bypassed Underdog DFS on April 28 — so a Chrome extension on its own is still a known gap.
- Proxy betting is otherwise allowed at Radar — the system has historically asked the user to "wait additional time" if another login was seen from a different location (March 31).
The May 19 positive at Bet Saracen is therefore best read as "Radar can stack a state-line check on top of network spoofing in this particular operator integration" rather than "Radar handles proxies + browser extensions in general."
Cross-reference
- Radar / Bet Saracen AR: resigned iOS bypassed this week — same operator, application-level vector slipped past.
- Radar / Underdog DFS: Chrome extension bypass (April 28) — same Location Guard tool, different result.