Websites with malicious intent (hereinafter referred to as malicious websites) have been used for various cyber-attacks such as a malware infection and a phishing attack. By blacklisting malicious websites in advance, it is possible to block access by a user to a malicious website, and to prevent an attack by the malicious website. There are various methods for finding malicious websites. For example, malicious websites are found by inspecting uniform resource locators (URLs) listed by keyword search in search engines, by following hyperlinks, by inspecting URLs of spam mail, and based on user reports (see Non Patent Literatures 1 to 4).
In general, there is an upper limit of the number of entries which can be registered on a blacklist. A volume of processing for matching URL is increased with the increasing number of entries registered on a blacklist. Accordingly, it is preferable to unregister malicious websites no longer used from the blacklist as much as possible. Therefore, countermeasures have been taken, for example, URLs of malicious websites registered on a blacklist are removed after the elapse of a certain period of time (for example, 24 hours, seven days, or the like) (hereinafter referred to as aging), and URLs of malicious websites which do not respond are unregistered.