Conventionally, there is a type of attack called a “targeted attack” that aims at a specific organization or a managed network thereof. With respect to the targeted attack, there have been reported many cases where in order to avoid countermeasures by a malicious uniform resource locator (URL) list that is open to the public, an attacker prepares a malicious URL that has not been registered in the list. As countermeasures against this targeted attack, an “organization-based malicious URL list” is required. In order to create the “organization-based malicious URL list”, a malicious URL candidate list needs to be prepared for each organization and examined by a malicious URL examination system or the like.