1. A URL selection method to be executed in a URL selection device that is connected to a wide area network, the method comprising:
a first extraction step of extracting URLs up to an upper limit value of the number of URLs set to each of URL groups in a range where a total number of URLs is within a predetermined number of URLs, in order of priority set to each of the URL groups, from each of the URL groups which are differently identified by analyzing a same traffic log by a respective different analysis technique from different categories of analysis techniques, the traffic log being obtained from a terminal device configured to collect the traffic log in a first network that connects to the wide area network, wherein the wide area network is accessible by at least one of an attacker terminal, a malware distribution server, and a malicious server;
a second extraction step of further extracting URLs within the predetermined number of URLs, based on the priority, when the total number of URLs extracted from each of the URL groups in the first extraction step is less than the predetermined number of URLs;
generating a URL list based on the extracted URLs; and
distributing the URL list to a security-related device as destination URLs, accesses from which are to be filtered,
wherein the order of priority for extracting the URLs and the upper limit value is set to each of the URL groups according to the respective different analysis technique of the respective URL group, and the order of priority and the upper limit value is assigned based at least partially on whether or not a malicious URL was detected during a previous evaluation performed on a URL group identified by each of the different analysis techniques.
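
The two extraction steps recited above, sketched as an added Python example that is not part of the claim or of any implementation by the applicant. The group names, URLs, priorities and limits are constructed sample values, the priority and upper limit are taken as already assigned, and two points are assumptions: the second step ignores the per-group limits, and a URL present in several groups is counted once.

```python
from dataclasses import dataclass

@dataclass
class UrlGroup:
    name: str       # analysis technique that identified the group (hypothetical label)
    priority: int   # lower value is extracted first
    limit: int      # upper limit value used in the first extraction step
    urls: list      # URLs identified from the shared traffic log

def select_urls(groups, total):
    """Return at most `total` URLs using the two extraction steps."""
    ordered = sorted(groups, key=lambda g: g.priority)
    selected, seen = [], set()

    def take(group, cap):
        taken = 0
        for url in group.urls:
            if len(selected) >= total or taken >= cap:
                break
            if url in seen:  # assumption: duplicates across groups count once
                continue
            seen.add(url)
            selected.append(url)
            taken += 1

    # First extraction step: each group contributes up to its own limit,
    # in priority order, while the running total stays within `total`.
    for group in ordered:
        take(group, group.limit)

    # Second extraction step: runs only if the first step came up short.
    # Assumption: remaining slots are filled in priority order without
    # applying the per-group limits again.
    if len(selected) < total:
        for group in ordered:
            take(group, total - len(selected))
    return selected

# Constructed sample groups; the same URL may be found by two techniques.
SAMPLE_GROUPS = [
    UrlGroup("reputation", 3, 1, ["http://c1.example.test/", "http://c2.example.test/",
                                  "http://a1.example.test/"]),
    UrlGroup("signature", 1, 2, ["http://a1.example.test/", "http://a2.example.test/",
                                 "http://a3.example.test/", "http://a4.example.test/"]),
    UrlGroup("behaviour", 2, 2, ["http://b1.example.test/"]),
]

if __name__ == "__main__":
    for url in select_urls(SAMPLE_GROUPS, 6):
        print(url)
```

With a total of 6, the first step yields four URLs (two, one and one per group), so the second step tops the list up from the highest-priority group; with a total of 3 the first step alone fills the list.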