With the rapid development of the Internet, malicious web pages including phishing, spamming and malware are gradually increasing, resulting in endangering network security. To address this challenging issue, a novel malicious URL recognition method based on multi-feature fusion and machine learning is proposed. More specifically, three classic features (URL, HTML and JavaScript code features) and two presented effective features (HTTP request and Text features) are first extracted from URL dataset. Then, several machine learning models are adopted to train binary classification model with the selected discriminant features. Finally, we use ten-fold cross-validation accuracy to evaluate the performance of different classification models. Experimental results verify that the selected features are conductive for malicious URLs detection and the random forest model trained using the presented hybrid feature set performs better than other classification techniques.