Skip to main content

2 posts tagged with "bet365-nj"

View All Tags
MissedRemote access★ Pinned

XPoint / Bet365 NJ: macOS↔macOS RDP via Tailscale + Screen Sharing undetected

Xpointbet365
xpointbet365-njrdptailscalemacos-screen-sharing

Source. May 26, 2026 weekly sync.
Ticket. CIV-73: Bet365 NJ — Remote Desktop via macOS Screen Sharing (XPoint).

What we tested

A common fraud pattern: one computer remotely controls another computer in a different location to place bets. We tested whether Bet365's geolocation provider could detect this when the operator runs on XPoint (Bet365 NJ).

Stack used:

  • Tailscale — a networking tool that connects two computers over the internet as if they were on the same local network.
  • macOS Screen Sharing — Apple's built-in remote-desktop feature, driven through the Tailscale link.

What happened

  • Tester accessed Bet365 NJ from a different physical location through the macOS↔macOS remote session.
  • XPoint failed to detect this remote-access method. Bets were placed without interruption.

Why it matters

This is a clean compliance gap on a vector specifically targeted by remote-betting fraud. The bypass uses entirely off-the-shelf, legal tools — Tailscale and a feature already built into macOS — with no exotic configuration.

Follow-up testing across Radar, OpenBet, and GeoComply-integrated clients has been requested to scope whether this is XPoint-specific or a broader macOS RDP detection gap across providers.

Cross-reference

Xpoint profile → · May 26 weekly sync →

MissedRemote access★ Pinned

Radar / Bet365 NJ: Tailscale + RealVNC RDP undetected for 25+ minutes of continuous betting

Radarbet365
radarbet365-njrdptailscalerealvnc

Source. May 19, 2026 weekly sync.
Ticket. CIV-69: Bet365 NJ — RDP Testing on Android.

What we tested

Remote desktop access against the Bet365 New Jersey Radar deployment, using:

  • Tailscale (mesh VPN) to bring the controlling Mac and the controlled Android device onto the same overlay network despite being on physically separate networks.
  • RealVNC to drive the Android device from the Mac.

The tester then placed real-money bets through the remote session.

What happened

  • 25+ minutes of continuous, real-money betting through the remote session.
  • Zero interruptions, timeouts, or restrictions.
  • Radar's geolocation checks did not detect the remote session at any point — neither at session start, nor at any of the periodic re-checks during the session.

Why it matters

Tailscale + RealVNC is a credible, easily-assembled remote-access setup. The fact that it went completely undetected for 25 minutes suggests Radar's RDP signal detection at Bet365 NJ either does not exist for this combination, or does not run frequently enough to matter.

Combined with the Bet365 MI GPS-simulator bypass on the same week, this is the second confirmed spoof method against a Bet365 / Radar deployment in a single test cycle.

Cross-reference — RDP across providers this week

OperatorProviderToolResult
Bet365 NJRadarTailscale + RealVNC✗ Undetected (this finding)
RSI BetRivers NJXPointTailscaleInconsistent
DraftKings DFS NJRadarZoom / AnyDesk / TeamViewerInconsistent
Fanatics TNOpenBetTeamViewerUndetected
Fanatics TNOpenBetFaceTime✓ Blocked
Fanatics NJOpenBetdroidVNC-NGBlocked and named

Radar leads the failure list this week with two distinct RDP bypasses on two distinct operators.

Radar profile → · May 19 weekly sync →