Since a DirtJumper botnet can be used for DDoS attacks on arbitrary services relying on the network protocol
TCP, we parsed the victim URLs to extract destination ports. Similar to a web browser, the DirtJumper bot interprets the absence of a port in the URL as destination port 80, the standard port for HTTP-based services.Table 4 shows the distribution of the attacked ports and well-known services associated with these ports.