**5.3 Problem statement**

The problem explained in this paper is to identifying and extracting malicious web programs combined into malicious websites on the client honeypot technology. It is used to address the problem to determine malicious websites based on the maliciousness inside the websites. It helps to rectify the difficulty of identifying whether we need to visit the website or not. Client honeypot technology can able to identify the client-side attacks by surfing the web pages [19, 20].

During the implementation, the steps of generic algorithm are used in the URL separation and feed within the virtual machine for visit:

1.List of URL to be visited, say N numericals of URLs.

2.Store the list of URLs into the database.

3.Get the URL one by one from mysql database.

**Figure 3** represents the process of the system listing websites which have been presented as having visited a true browser on a client honeypots. By using clean machine of client honeypots, after visiting the clean website taking snapshot of that machine and store the log created at the stage of website visit.

System logs are created in client machine that are analyzed using third-party analyzing tool like antiviruses to identify the contagions on the list of collected logs.

**Figure 3.** *Process of identifying malicious program.*
