Systems and methods for network traffic analysis
Abstract:
Systems and methods are disclosed for identifying malicious traffic associated with a website. One method includes receiving website traffic metadata comprising a plurality of variables, the website traffic metadata being associated with a plurality of website visitors to the website; determining a total number of occurrences associated with at least two of the plurality of variables of the website traffic metadata; generating a plurality of pairs comprising combinations of the plurality of variables of the website traffic metadata; determining a total number of occurrences associated with each pair of the plurality of pairs of combinations of the plurality of variables of the website traffic metadata; determining a plurality of visitor actions associated with the plurality of variables of the website traffic metadata; clustering each of the plurality of pairs and the plurality of visitor actions associated with the plurality of variables of the website traffic metadata into groups; and determining, based on the clustering of the plurality of pairs and the plurality of visitor actions, whether each of the plurality of website visitors is a malicious visitor.
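The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: the variable names, the constructed sample visits, the use of 2-means as the clustering step, and the rule that the high-traffic-share cluster is the suspect one are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from itertools import combinations

VARS = ("ip_prefix", "user_agent", "referrer")  # assumed metadata variables

# Constructed sample: 12 scripted visits sharing one fingerprint, 6 organic visits.
VISITS = [dict(visitor=f"bot{i % 3}", ip_prefix="203.0.113", user_agent="UA-X",
               referrer="none", clicks=9, converted=0) for i in range(12)]
VISITS += [dict(visitor=f"h{i}", ip_prefix=f"198.51.{i}", user_agent=f"UA-{i}",
                referrer=f"site{i}", clicks=2, converted=i % 2) for i in range(6)]

def pairs_of(visit):
    """All 2-combinations of (variable, value) observed in one visit."""
    return list(combinations([(v, visit[v]) for v in VARS], 2))

def pair_features(visits):
    """Per-variable totals, plus per-pair (traffic share, mean clicks, conversion rate)."""
    single = Counter((v, x[v]) for x in visits for v in VARS)
    acc = defaultdict(lambda: [0, 0, 0])
    for x in visits:
        for p in pairs_of(x):
            acc[p][0] += 1
            acc[p][1] += x["clicks"]      # visitor action: clicks
            acc[p][2] += x["converted"]   # visitor action: conversion
    n = len(visits)
    feats = {p: (c / n, clk / c, conv / c) for p, (c, clk, conv) in acc.items()}
    return single, feats

def nearest(point, cents):
    """Index of the centroid closest to point (squared Euclidean distance)."""
    d = [sum((a - b) ** 2 for a, b in zip(point, c)) for c in cents]
    return d.index(min(d))

def two_means(points, rounds=10):
    """Minimal 2-means, seeded at the rarest and the most common pair."""
    cents = [min(points), max(points)]
    for _ in range(rounds):
        groups = [[], []]
        for p in points:
            groups[nearest(p, cents)].append(p)
        cents = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
                 for g, c in zip(groups, cents)]
    return cents

def flag_visitors(visits):
    """Visitors with at least one visit whose pair falls in the suspect cluster."""
    _, feats = pair_features(visits)
    cents = two_means(list(feats.values()))
    hot = max(range(2), key=lambda i: cents[i][0])  # assumed rule: high-share cluster
    suspect = {p for p, f in feats.items() if nearest(f, cents) == hot}
    return sorted({x["visitor"] for x in visits if suspect & set(pairs_of(x))})
```

On real traffic the features would need scaling before clustering, since raw click counts otherwise dominate the distance.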