On the internet, no one knows you’re a dog, but they know that you are accessing their website from an IP announced by an ASN that belongs to an ISP on the East Coast of the United States. As the DOM renders a piece of third party fraud detection, javascript runs and collects details about local time, flash, etc, creating a finger print for your browser. It also takes a look at your IP address to see if it is a reasonable match to the zip code associated with the credit card you’re using and possibly confirming that it matches the netblock you frequently login from. This second component, access to secure sockets (SOCKS) in ISP networks and other netblocks, is the topic covered in this presentation. We will cover the market for SOCKs, including vendors and pricing models, as well as a botnet that we came across when monitoring SOCKs markets