As web threats are dynamic and universal, an on-line mal-webpage detection system based on honeypot is designed. In this system, the URL table with some special fields is designed to store URLs, and the honeypot is used to detect those Webs that are not in table or in table but need detection once again. The system can detect the safe state of Webs in realtime with more accuracy.