Skip to main content

2 posts tagged with "location-guard"

View All Tags
DetectedProxyBrowser extension

Radar / Bet Saracen AR: Oxylabs residential proxy + Location Guard extension combo blocked ✓

RadarBetSaracen
radarbetsaracenoxylabslocation-guardpositive

Source. May 19, 2026 weekly sync.
Ticket. CIV-44.

What we tested

A combination attack against Bet Saracen Arkansas (Radar):

  • Oxylabs residential proxy — egress IP pointing to a residential address in Little Rock, AR.
  • Location Guard browser extension — Chrome extension reporting a spoofed Little Rock, AR location to the Geolocation API.

Both layers were aligned to the same in-state Arkansas location, to test whether browser-level spoofing on top of network-level spoofing would defeat Radar's checks.

What happened

Detected as out-of-state. The platform returned a STATE_NOT_ALLOWED error and refused the wager — despite both the IP and the browser's reported geolocation pointing to a permitted in-state address.

Why it matters

This is a genuine Radar positive — worth recording for parity. The existence of a residential-proxy signal beyond just the egress IP, or of a corroborating signal (Wi-Fi BSSID, traceroute, accelerometer, something) that survives a Location-Guard override, is meaningful.

However, this finding does not rewrite the Radar weaknesses column:

  • The Location Guard extension alone bypassed Underdog DFS on April 28 — so a Chrome extension on its own is still a known gap.
  • Proxy betting is otherwise allowed at Radar — the system has historically asked the user to "wait additional time" if another login was seen from a different location (March 31).

The May 19 positive at Bet Saracen is therefore best read as "Radar can stack a state-line check on top of network spoofing in this particular operator integration" rather than "Radar handles proxies + browser extensions in general."

Cross-reference

Radar profile → · May 19 weekly sync →

MissedBrowser extensionCompliance★ Pinned

Radar / Underdog DFS: Chrome extension (Location Guard) undetected

RadarUnderdog Fantasy
radarunderdogbrowser-extensionlocation-guard

What we tested. Underdog DFS, browser-based Radar geolocation deployment. Installed the free Location Guard Chrome extension and reported a spoofed location.

What happened. Undetected. Radar did not flag the browser-extension spoofing.

Adjacent gaps from the same test (April 28 weekly).

  • Device-counting logic flaw — every login at Underdog is recorded as a new device, regardless of whether the device has been seen before. Inflates device counts and prevents multi-account detection — significantly weakening fraud detection.
  • Border crossing — testing confirmed users can continue placing wagers for approximately 1 minute after entering a restricted zone before Radar intervenes. Regulatory compliance risk.
  • Increased geolocation frequency + buffer-zone false positives — no single-license support; more frequent checks; unnecessary failures.
  • Loss of meaningful error messaging — generic error messages for all geolocation failures post-GeoComply switch; ability to self-troubleshoot eliminated; support contact volume likely up.

Why it matters. A free Chrome extension that anyone can install defeating Radar's regulated-DFS deployment is the entry-level sophistication. The device-counting flaw makes multi-accounting effectively free. Bundle these into the Underdog talking points.

Radar profile →