Skip to main content

2 posts tagged with "betsaracen"

View All Tags
DetectedProxyBrowser extension

Radar / Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo blocked ✓

RadarBetSaracen
radarbetsaracenoxylabslocation-guardpositive

Source. May 19, 2026 weekly sync.
Ticket. CIV-44.

What we tested

A combination attack against Bet Saracen Arkansas (Radar):

  • Oxylabs residential proxy — egress IP pointing to a residential address in Little Rock, AR.
  • Location Guard browser extension — Chrome extension reporting a spoofed Little Rock, AR location to the Geolocation API.

Both layers were aligned to the same in-state Arkansas location, to test whether browser-level spoofing on top of network-level spoofing would defeat Radar's checks.

What happened

Detected as out-of-state. The platform returned a STATE_NOT_ALLOWED error and refused the wager — despite both the IP and the browser's reported geolocation pointing to a permitted in-state address.

Why it matters

This is a genuine Radar positive — worth recording for parity. The existence of a residential-proxy signal beyond just the egress IP, or of a corroborating signal (Wi-Fi BSSID, traceroute, accelerometer, something) that survives a Location-Guard override, is meaningful.

However, this finding does not rewrite the Radar weaknesses column:

  • The Location Guard extension alone bypassed Underdog DFS on April 28 — so a Chrome extension on its own is still a known gap.
  • Proxy betting is otherwise allowed at Radar — the system has historically asked the user to "wait additional time" if another login was seen from a different location (March 31).

The May 19 positive at Bet Saracen is therefore best read as "Radar can stack a state-line check on top of network spoofing in this particular operator integration" rather than "Radar handles proxies + browser extensions in general."

Cross-reference

Radar profile → · May 19 weekly sync →

MissedResigned / tampered app★ Pinned

Radar / Bet Saracen AR: modified ("resigned") iOS app placed bets from Michigan

RadarBetSaracen
radarbetsaracenios-resigningciV-44

Source. May 19, 2026 weekly sync.
Ticket. CIV-44: Saracen Arkansas — Radar: verify the wagering experience for static connection closer to the border.

What we tested

A resigned Bet Saracen iOS app — re-signed with a developer certificate to remove Apple's app integrity / attestation protections — installed on a device in Michigan and used to attempt real-money betting against the Bet Saracen AR (Radar) deployment.

The same player account was also tested on the unmodified App Store build, as a control.

What happened

  • Resigned app: bets placed from Michigan with no issues. No geolocation challenge, no error message, no session interruption.
  • Unmodified app: correctly blocked on the same account, from the same location. The control behaved as expected.

This isolates the gap to the tampered build — Radar's checks at Bet Saracen do not detect that the iOS app has been resigned.

Why it matters

This is a direct fraud + compliance risk. With a freely-available resigning workflow, a bad actor can:

  1. Re-sign the Saracen iOS app once.
  2. Distribute or use the modified build from any state.
  3. Place real-money bets that bypass Radar's location enforcement.

This finding contradicts the May 11 result where resigned iOS at Bet Saracen + Fanatics was reportedly blocked — the gap may have evolved, the prior detection may have been build-specific, or the integrity check may be running inconsistently. Either way, the May 19 result is the current, verified state.

Cross-reference

Radar profile → · May 19 weekly sync →