Malicious code distribution on the Internet is one of the most critical Internet-based threats and distributiontechnology has evolved to bypass detection systems. As a new defense against the detection bypass technologyof malicious attackers, this study proposes the automated tracing of malicious websites in a malwaredistribution network (MDN). The proposed technology extracts automated links and classifies websites intomalicious and normal websites based on link structure. Even if attackers use a new distribution technology,website classification is possible as long as the connections are established through automated links. The use ofa real web-browser and proxy server enables an adequate response to attackers’ perception of analysisenvironments and evasion technology and prevents analysis environments from being infected by maliciouscode. The validity and accuracy of the proposed method for classification are verified using 20,000 links, 10,000each from normal and malicious websites.