Abstract: The exponential growth in mobile internet usage has dramatically escalated user exposure to malicious webpages, including phishing sites, malware hosts, and obfuscated fraudulent URLs. Conventional blacklist and signature-based defenses prove inadequate against zero-day and dynamically generated threats. This paper introduces a real-time mobile malicious webpage detection framework leveraging a hybrid CNN-LSTM architecture that performs character-level URL analysis to autonomously extract discriminative lexical patterns and sequential dependencies indicative of malicious intent. CNN layers capture localized structural features while LSTM networks model long-range temporal relationships within URL sequences. Deployed via a lightweight FastAPI backend, the system delivers sub-100ms inference suitable for mobile environments. Extensive evaluation on benchmark datasets demonstrates superior detection accuracy (97.8%) and reduced false positive rates (2.1%) compared to traditional ML baselines, establishing this hybrid approach as a robust solution for real-time mobile web security applications.

Keywords: Hybrid CNN-LSTM architecture, character-level URL analysis, FastAPI deployment, zero-day threat mitigation, mobile security, and false positive reduction.

Downloads: | DOI: 10.17148/IARJSET.2026.13158