SYSTEM AND METHOD FOR DETECTING AND PREVENTING SOCIAL ENGINEERING ATTACKS AND ADVERTISEMENTS

§101 §102 §103 §112 §DP

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions NO restrictions warranted at applicant’s initial time of filing for patent. Priority Applicant claims domestic priority under 35 USC 119e to provisional application # 63/600280, filed on 11/17/2023. Information Disclosure Statement The information disclosure statement (IDS) submitted on 02/26/2025, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Drawings Applicant’s drawings filed on 11/18/2024 has been inspected and is in compliance with MPEP 608.02. Specification Applicant’s specification filed on 11/18/2024 has been considered and is in compliance with MPEP 608.01. Claim Objections NO objections warranted at applicant’s initial time of filing for patent. Claim Interpretation – 35 USC 112th f The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that use the word “means” or “step” but are nonetheless not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph because the claim limitation(s) recite(s) sufficient structure, materials, or acts to entirely perform the recited function. Such claims and claim limitation(s) is/are: As per claim 1. A system comprising: a processor; and a memory having instruction stored thereon, wherein execution of the instructions causes the processor “to: execute a user interface module, a browser engine, a rendering engine, a networking module, a JavaScript engine, and a data storage module for a web browser; in response to initiating a browsing session for a new website by a user, receive a set of property values, a set of action values, and a set of consequence values associated with the browsing session for the new website from instrumented hooks embedded in the browser engine, the rendering engine, the networking module, the JavaScript engine, and the data storage module; determine, via a trained AI model, a score for the browsing session being associated with a website having a malicious component; and output the score, wherein the score is employed to prevent the user from selecting an actionable component in a rendered website.” As per claim 2. The system of claim 1, wherein execution of the instructions causes the processor “to: output a notification indicating the presence of an actionable component for a rendered website.” As per claim 19. A non-transitory computer-readable medium having instructions stored thereon, wherein execution of the instructions by a processor causes the processor “to: execute a user interface module, a browser engine, a rendering engine, a networking module, a JavaScript engine, and a data storage module for a web browser; in response to initiating a browsing session for a new website by a user, receive a set of property values, a set of action values, and a set of consequence values associated with the browsing session for the new website from instrumented hooks embedded in the browser engine, the rendering engine, the networking module, the JavaScript engine, and the data storage module; determine, via a trained AI model, a score for the browsing session being associated with a website having a malicious component; and output the score, wherein the score is employed to prevent the user from selecting an actionable component in a rendered website.” Because this/these claim limitation(s) is/are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are not being interpreted to cover only the corresponding structure, material, or acts described in the specification as performing the claimed function, and equivalents thereof. If applicant intends to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to remove the structure, materials, or acts that performs the claimed function; or (2) present a sufficient showing that the claim limitation(s) does/do not recite sufficient structure, materials, or acts to perform the claimed function. Appropriate action required. Claim Rejections – 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim[s] 4, 13 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. In for example, claim # 4, line 4, the claims recite a “and/or,” it is unclear as to which elements of: keyboard, mouse, hover; are included or not included in list of register event listener actions. Appropriate action required. Claim[s] 1, 10, 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. It is unclear from the claim language how the “set of property values,” “set of action values,” “set of consequence values,” is used by trained AI model to generate the score for the browsing session. There is a disconnect here. Appropriate action required. Claim Rejections – 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Regarding claim[s] 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to Mental processes: [concepts performed in the human mind including: (an observation, evaluation, judgement, or opinion)] without significantly more. Of base claims 1, 10, 20, for example in claim # 1, the claim(s) limitations that recited the identified abstract idea: “determine, via a trained AI model, a score for the browsing session being associated with a website having a malicious component;” and [i.e. mental process – evaluation, judgement..etc.] “output the score, wherein the score is employed to prevent the user from selecting an actionable component in a rendered website.” [i.e. mental process – evaluation, judgement by pencil and paper] This judicial exception is not integrated into a practical application or significantly more because the remaining claim limitations amount to “adding insignificant extra – solution activity to the judicial exception – see MPEP 2106.05(g): “execute a user interface module, a browser engine, a rendering engine, a networking module, a JavaScript engine, and a data storage module for a web browser;” “in response to initiating a browsing session for a new website by a user, receive a set of property values, a set of action values, and a set of consequence values associated with the browsing session for the new website from instrumented hooks embedded in the browser engine, the rendering engine, the networking module, the JavaScript engine, and the data storage module;…” The claim(s) 2 – 9, 11 – 18 20 does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because they are drawn to either the same identified abstract idea, another unidentified abstracts idea, “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),” or “generally linking the use of the judicial exception to a particular technological environment of field of use – see MEP 2106.05(h),” in the following manner: As per claim 2. The system of claim 1, wherein execution of the instructions causes the processor to: output a notification indicating the presence of an actionable component for a rendered website. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 3. The system of claim 1, wherein the set of property values is associated with a compilation and execution of a script of the rendered website and includes at least one of: an execution context of a running script as a top frame or a subframe, an execution context of the running script having a same origin frame or cross-origin frame, a type of script as an inline script in HTML, a type of script as a remote script file, a type of script as a dynamically generated script, an owner of the script being served by a first-party server, an owner of the script being served by a third-party server, a requestor being an HTML parser, and a requestor being from another script that is not an HTML parser. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 4. The system of claim 1, wherein the set of action values is associated with an observed behavior exhibited by a script of the rendered website and includes at least one of: a register event listener action having an event type associated with a keyboard, mouse, and/or hover, a register event listener action having an event target as a type of DOM element, an add timer callback action as a set Timeout, an add timer callback action as a set Interval, an add timer callback action as an interval, an insert DOM node action using an inserted node type, an insert DOM node action using a inserted node, an insert DOM node action using a inserted node, a modify DOM node attribute, a modify DOM node attribute action using a "style" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "href" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "src" attribute, an open-new-window action using a URL for a new window, a render window using a tab window from an open-new-window action, a render window using a full window from an open-new-window action, an initiate navigation action with a URL of a navigation target, an initiate navigation action from a top frame, an initiate navigation action with a URL from an iframe, an initiate navigation action within a same-origin, an initiate navigation action by a client code, an initiate navigation action by the browser by user action, a send network request action via a URL of the request, a send network action via a script, a send network action via an image, a send network action via a document, and a send network action via a JavaScript object notation (JSON). [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 5. The system of claim 1, wherein the set of consequence values is associated with an observed behavior of the browser after navigation from the rendered website and includes at least one of: a number of redirected hops until landing at a destination page, a number of unique domains of the redirected hops, a redirect type being code-driven, and a redirect type being response-header-driven. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 6. The system of claim 1, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to simulate user interactions with the respective website to trigger one or more JavaScript events. [i.e. adding the words (“apply it,” or an equivalent wording) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract – see MPEP 2106.05(f)] As per claim 7. The system of claim 1, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to create an in-memory graph where, after visiting each respective website, the graph is dumped into a disk and features are extracted based on a causality relationship of nodes for each website. [i.e. adding the words (“apply it,” or an equivalent wording) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract – see MPEP 2106.05(f)]/ [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 8. The system of claim 1, wherein the initiating the browsing session includes: parsing, via an HTML parser, an HTML document to start rendering a page, wherein the parsing, constructing an in-memory graph, and updating the in-memory graph when a respective instrumented hook embedded in the browser engine is triggered. [i.e. “generally linking the use of the judicial exception to a particular technological environment of field of use – see MEP 2106.05(h),”] As per claim 9. The system of claim 1, wherein the initiating the browsing session includes: concluding a feature vector before the browser commits to a new landing page to infer whether the navigation is related to a social engineering attack. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 11. The method of claim 10 further comprising: outputting a notification indicating the presence of an actionable component for a rendered website. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 12. The method of claim 10, wherein the set of property values is associated with a compilation and execution of a script of the rendered website and includes at least one of: an execution context of a running script as a top frame or a subframe, an execution context of the running script having a same origin frame or cross-origin frame, a type of script as an inline script in HTML, a type of script as a remote script file, a type of script as a dynamically generated script, an owner of the script being served by a first-party server, an owner of the script being served by a third-party server, a requestor being an HTML parser, and a requestor being from another script that is not an HTML parser. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 13. The method of claim 10, wherein the set of action values is associated with an observed behavior exhibited by a script of the rendered website and includes at least one of: a register event listener action having an event type associated with a keyboard, mouse, and/or hover, a register event listener action having an event target as a type of DOM element, an add timer callback action as a set Timeout, an add timer callback action as a set Interval, an add timer callback action as an interval, an insert DOM node action using an inserted node type, an insert DOM node action using a inserted node, an insert DOM node action using a inserted node, a modify DOM node attribute, a modify DOM node attribute action using a "style" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "href" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "src" attribute, an open-new-window action using a URL for a new window, a render window using a tab window from an open-new-window action, a render window using a full window from an open-new-window action, an initiate navigation action with a URL of a navigation target, an initiate navigation action from a top frame, an initiate navigation action with a URL from an iframe, an initiate navigation action within a same-origin, an initiate navigation action by a client code, an initiate navigation action by the browser by user action, a send network request action via a URL of the request, a send network action via a script, a send network action via an image, a send network action via a document, and a send network action via a JavaScript object notation (Json). [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 14. The method of claim 10, wherein the set of consequence values is associated with an observed behavior of the browser after navigation from the rendered website and includes at least one of: a number of redirected hops until landing at a destination page, a number of unique domains of the redirected hops, a redirect type being code-driven, and a redirect type being response-header-driven. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 15. The method of claim 10, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to simulate user interactions with the respective website to trigger one or more JavaScript events. [i.e. adding the words (“apply it,” or an equivalent wording) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract – see MPEP 2106.05(f)] As per claim 16. The method of claim 10, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to create an in-memory graph where, after visiting each respective website, the graph is dumped into a disk and features are extracted based on a causality relationship of nodes for each website. [i.e. adding the words (“apply it,” or an equivalent wording) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract – see MPEP 2106.05(f)] As per claim 17. The method of claim 10, wherein the initiating the browsing session includes: parsing, via an HTML parser, an HTML document to start rendering a page, wherein the parsing, constructing an in-memory graph, and updating the in-memory graph when a respective instrumented hook embedded in the browser engine is triggered. [i.e. adding the words (“apply it,” or an equivalent wording) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract – see MPEP 2106.05(f)] As per claim 18. The method of claim 10, wherein the initiating the browsing session includes: concluding a feature vector before the browser commits to a new landing page to infer whether the navigation is related to a social engineering attack. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] As per claim 20. The non-transitory computer-readable medium of claim 19, wherein execution of the instructions causes the processor to: output a notification indicating presence of an actionable component for a rendered website. [i.e. “adding insignificant extra-solution activity to the judicial exception – see MPEP 2106.05(g),”] Double Patenting NO rejections warranted at applicant’s initial time of filing for patent. Claim Rejections - 35 USC § 102 NO rejections warranted at applicant’s initial time of filing for patent. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or non-obviousness. Claim(s) 1, 2, 10, 11, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Simons et al. [US PGPUB # 2026/0046328] in view of Hunt et al. [US PGPUB # 2018/0124110] As per claim 1. Simons does teach a system [paragraph: 0002, The present disclosure generally relates to improved network computing. More particularly, but not exclusively, the present disclosure relates to an improved network browser engine arranged with server-side functionality that permits static information storage and retrieval via a single network link.] comprising; a processor [Figure # 1, and paragraph: 0007, lines 1 – 2, The local computing device 12 includes various hardware structures formed of analog and digital electronic circuitry. The hardware structures include a processor 20 and memory 22. The memory 22 is directly or indirectly coupled to the processor 20 via a memory interface 24.]; and a memory having instruction stored thereon [Figure # 1, and paragraph: 0007, lines 1 – 2, paragraph: 0007, lines 1 – 2, The local computing device 12 includes various hardware structures formed of analog and digital electronic circuitry. The hardware structures include a processor 20 and memory 22. The memory 22 is directly or indirectly coupled to the processor 20 via a memory interface 24.], wherein execution of the instructions causes the processor to: execute a user interface module, a browser engine, a rendering engine, a networking module, a JavaScript engine, and a data storage module for a web browser [Figure # 2, and paragraphs: 17 – 21, user interface 44, browser engine 46, rendering engine 48, network 54, javascript interpreter 56, data persistence 62 ]; in response to initiating a browsing session for a new website by a user, receive a set of property values, a set of action values, and a set of consequence values associated with the browsing session for the new website from instrumented hooks embedded in the browser engine, the rendering engine, the networking module, the JavaScript engine, and the data storage module [Figure # 2, and paragraph: 0018, lines 9 – 17, In the alternative, or in addition, the browser engine 46 of the conventional web browser 40 is arranged to provide hooks for viewing any number of aspects of the browsing session such as popup windows, current page load progress, JavaScript alerts, and the like. The browser engine 46 may also, in some cases, enable querying and manipulation of rendering engine 48 settings (e.g., zoom, pause, playback, playback speed, and the like). Further, at paragraph: 0028, In operation, a user 98 (FIG. 1) interacts with a local computing device 12 (FIG. 1) via a web browser 40. Information input or otherwise directed by the user enters the web browser 40 via user interface 44. The information is passed to a browser engine 46. Optionally, the information is additionally, or alternatively, stored in the data persistence repository 62. In at least some cases, information from the user 98 includes URI or URL information, which is communicated in cooperation with the networking module 54 through the computing network 14 as an HTTP request to a remote computing server 18. An HTTP protocol module 72 of web server 70 pre-processes the HTTP request. An HTTP main server loop 76 queues the request for processing by an HTTP core module 74, and an HTTP request module 78 fulfills the request by serving a web page, which is communicated as static data back through the computing network 14 and the networking module 54. The data of the web page is processed by the rendering engine 48 of the web browser 40 with assistance, if needed, from any of the HTML module 50, CSS module 52, and XML parser 58. Multimedia data of the web page is presented to the user 98 via the display backend 60 and corresponding hardware. Then further of paragraph: 0029, In some cases, the served web page includes JavaScript software instructions, which are processed by the JavaScript interpreter 56. In this case, as in many cases, the JavaScript invokes server-side resources by communicating one or more additional HTTP requests through the computing network 14 back to the web server 70. Alternatively, data embedded in the web page is processed by the web server 70 prior to communicating the web page data back to the web browser 40. In either case, the HTTP request module 78, or some other code of the web server 70, communicates the JavaScript instructions to the JavaScript engine 82. The JavaScript engine 82 interprets the scripts, binds particular resources via the Node.js binding module 84, invokes utilities of the Node.js core library, and performs the necessary action, which optionally includes asynchronous I/O 88. In many cases, the work performed by the server-side JavaScript code is complex, voluminous, resource-intensive, or otherwise suited toward implementation on the computing server 18 rather than the local computing device 12. Results of the executed JavaScript, which in at least some cases includes dynamic web page content, are communicated back to the web browser 40]. While Simons does not clearly teach the claim limitations of: “determine, via a trained AI model, a score for the browsing session being associated with a website having a malicious component; and output the score, wherein the score is employed to prevent the user from selecting an actionable component in a rendered website.” However, Hunt does teach the claim limitations of: “determine, via a trained AI model, a score for the browsing session being associated with a website having a malicious component [paragraph: 0066, In some embodiments, the techniques disclosed herein can be used to detect malicious resources (e.g., URLs), tracking IDs, social media profile usernames, headers, cookies, web components and other indicators. By analyzing the probability a URL should be blacklisted given the hostname and the probability of the hostname given an attribute, the hostname may be marginalized to estimate the number of times an attribute appeared in a blacklist sequence. The calculation may be based on a time interval (e.g., a decay factor) between when the host was blacklisted and when the attribute was detected on the host overlap. Then further of paragraph: 0067, In some examples, a single URI may be associated with one or more scores (e.g., one per attribute). In certain examples, the score may be a maximum score of the one or more scores. In other examples, a Bayesian network model can be generated to take into account multiple scores at the same time. The Bayesian Network model may include probability tables that can be learned using a variety of Machine learning algorithms or entered in manually]; and output the score, wherein the score is employed to prevent the user from selecting an actionable component in a rendered website [paragraph: 0067, In some examples, a single URI may be associated with one or more scores (e.g., one per attribute). In certain examples, the score may be a maximum score of the one or more scores. In other examples, a Bayesian network model can be generated to take into account multiple scores at the same time. The Bayesian Network model may include probability tables that can be learned using a variety of Machine learning algorithms or entered in manually. Then further of Figure # 2, and paragraph 0065, At 260, a URI associated with the attribute may be identified in the list. At 270, an indication that the identified URI is associated with malicious behavior is output. In some examples, outputting may include adding the identified URI to an accomplice list, which is used to identify one or more URIs that have been determined to be associated with malicious behavior.].” It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Simons and Hunt in order for the monitoring of active scripts present in a called webpage from a webpage server for malicious redirects of Simons to include an accomplice model with threshold scoring system of Hunt. This would allow for an improvement of analyzing and detecting malicious active components in a served webpage. See paragraphs: 0024 and 0063 of Hunt. As per claim 2. Simons as modified does teach the system of claim 1, wherein execution of the instructions causes the processor to: output a notification indicating the presence of an actionable component for a rendered website [Hunt, paragraph: 0067, In some examples, a single URI may be associated with one or more scores (e.g., one per attribute). In certain examples, the score may be a maximum score of the one or more scores. In other examples, a Bayesian network model can be generated to take into account multiple scores at the same time. The Bayesian Network model may include probability tables that can be learned using a variety of Machine learning algorithms or entered in manually. Then further of Hunt, at Figure # 2, and paragraph 0065, At 260, a URI associated with the attribute may be identified in the list. At 270, an indication that the identified URI is associated with malicious behavior is output. In some examples, outputting may include adding the identified URI to an accomplice list, which is used to identify one or more URIs that have been determined to be associated with malicious behavior.]. As per method claim 10, that includes the same or similar claim limitations as system claim 1, and is similarly rejected. As per method claim 11 that includes the same or similar claim limitations as system claim 2, and is similarly rejected. As per non – transitory computer-readable medium claim 19, that includes the same or similar claim limitations as system claim 1, and is similarly rejected. As per non – transitory computer-readable medium claim 20, that includes the same or similar claim limitations as system claim 2, and is similarly rejected. Claim(s) 3 – 5, 9, 12 – 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Simons et al. [US PGPUB # 2026/0046328] in view of Hunt et al. [US PGPUB # 2018/0124110], further in view of Sivan et al. [US PAT # 9712560] As per claim 3. Simons and Hunt do teach what is taught in the rejection of claim 1 above. Simons and Hunt do not clearly teach the system of claim 1, wherein the set of property values is associated with a compilation and execution of a script of the rendered website and includes at least one of: an execution context of a running script as a top frame or a subframe, an execution context of the running script having a same origin frame or cross-origin frame, a type of script as an inline script in HTML, a type of script as a remote script file, a type of script as a dynamically generated script, an owner of the script being served by a first-party server, an owner of the script being served by a third-party server, a requestor being an HTML parser, and a requestor being from another script that is not an HTML parser. However, Sivan does teach the system of claim 1, wherein the set of property values is associated with a compilation and execution of a script of the rendered website and includes at least one of: an execution context of a running script as a top frame or a subframe, an execution context of the running script having a same origin frame or cross-origin frame, a type of script as an inline script in HTML [Sivan, col. 11, lines 55 – 60, In some embodiments, some or all of the resources, such as scripts, html pages, and the like, fetched above may be included within the source code of the current webpage, either as an inline script or integrated with one or more additional javascript resources fetched by the current webpage], a type of script as a remote script file, a type of script as a dynamically generated script, an owner of the script being served by a first-party server, an owner of the script being served by a third-party server, a requestor being an HTML parser, and a requestor being from another script that is not an HTML parser. It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Simons as modified and Sivan in order for the monitoring of active scripts present in a called webpage from a webpage server for malicious redirects of Simons as modified to include a black listing operation of Sivan. This would allow for a detailed database that holds specific details as to what uniform resource locators are legitimate or malicious. See col. 8, lines 51 – 59 of Sivan. As per claim 4. Simons as modified does teach the system of claim 1, wherein the set of action values is associated with an observed behavior exhibited by a script of the rendered website and includes at least one of: a register event listener action having an event type associated with a keyboard, mouse, and/or hover, a register event listener action having an event target as a type of DOM element, an add timer callback action as a set Timeout, an add timer callback action as a set Interval, an add timer callback action as an interval, an insert DOM node action using an inserted node type [Sivan, col. 6, lines 4 – 7, The term “node”, as referred to herein with respect to a web page, may relate to an interface from which a number of DOM types inherit, and allows these various types to be treated (and/or tested) similarly. Then further of col. 6, lines 15 – 18, When a certain code segment is injected into the source code of a web page and then rendered and/or otherwise processed by a web browser, this can be referred to as an injection of a node into the DOM.], an insert DOM node action using a inserted node, an insert DOM node action using a inserted node, a modify DOM node attribute, a modify DOM node attribute action using a "style" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "href" attribute, a modify DOM node attribute, a modify DOM node attribute action using a "src" attribute, an open-new-window action using a URL for a new window, a render window using a tab window from an open-new-window action, a render window using a full window from an open-new-window action, an initiate navigation action with a URL of a navigation target, an initiate navigation action from a top frame, an initiate navigation action with a URL from an iframe, an initiate navigation action within a same-origin, an initiate navigation action by a client code, an initiate navigation action by the browser by user action, a send network request action via a URL of the request, a send network action via a script, a send network action via an image, a send network action via a document, and a send network action via a JavaScript object notation (JSON). As per claim 5. Simons as modified does teach the system of claim 1, wherein the set of consequence values is associated with an observed behavior of the browser after navigation from the rendered website and includes at least one of: a number of redirected hops until landing at a destination page, a number of unique domains of the redirected hops, a redirect type being code-driven [Sivan, col. 8, lines 60 – 67 and col. 9, lines 1 – 11, The list, for example, may include information such as uniform resource locators (URLs), Internet protocol (IP) addresses, and/or character strings known to be included in or associated with recognized malicious nodes—those included in the gathered data. In the case of a black list, for instance, the list may include multiple URLs which are known to be used by operators of malicious injection browser extensions. In contrast, in the case of a while list, it may include URLs which have been deemed, for example by an owner of the pertinent web page, to be legitimate. URLs and/or IP addresses have been determined by the inventors to be highly advantageous for inclusion in a black list. This is due to the fact that, oftentimes, the malicious third party responsible for the injection will try and (a) redirect the end user to another Internet resource; (b) fetch content, such as advertisements, from another Internet resource; and/or (c) send private data secretly collected from the end user to a remote Internet resource controlled by the third party], and a redirect type being response-header-driven. As per claim 9. Simons as modified does teach the system of claim 1, wherein the initiating the browsing session includes: concluding a feature vector before the browser commits to a new landing page to infer whether the navigation is related to a social engineering attack [Svian, col. 7, lines 55 – 59, The intercepting, in some embodiments, includes blocking injected nodes before they have had the chance to execute in the browser and affect the DOM. These injected nodes may be held in a blocked state unless they are deemed legitimate and released]. As per method claim 12 that includes the same or similar claim limitations as system claim 3, and is similarly rejected. As per method claim 13 that includes the same or similar claim limitations as system claim 4, and is similarly rejected. As per method claim 14 that includes the same or similar claim limitations as system claim 5, and is similarly rejected. Claim(s) 6, 7, 15, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Simons et al. [US PGPUB # 2026/0046328] in view of Hunt et al. [US PGPUB # 2018/0124110] as applied to claim # 1 above, further in view of Berry et al. [US PGPUB # 2018/0191643] As per claim 6. Simons and Hunt do teach what is taught in the rejection of claim 1 above. Simons and Hunt do not clearly teach the system of claim 1, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to simulate user interactions with the respective website to trigger one or more JavaScript events. However, Berry does teach the system of claim 1, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to simulate user interactions with the respective website to trigger one or more JavaScript events [paragraph: 0104, As mentioned, the Bot Engine can guide the actions of a Bot in accordance with machine learning models. For example, the Bot Engine can train one or more conversation models using a training dataset including example conversations. The training dataset gives examples of at least some probable conversation paths, and based on the training dataset, the Bot Engine builds a machine learning model that overfits the training dataset. Put another way, the Bot Engine uses the conversations of the training dataset similar to rules. However, unlike rules, the example conversations can ignore each other, and when new conversations are added to the training dataset, there is no need to account for the previous stories. Accordingly, each time a new conversation is added to the dataset, the Bot Engine's machine learning model is rebuilt/updated to account for the conversational possibilities/paths represented by the new conversation. As one will appreciate, the training dataset can be specific to a particular merchant so that the machine learning model of the Bot Engine is specific to the conversational paths desired and anticipated by the merchant. In other words, the merchant can provide a training dataset of conversations between human representatives of the merchant and users, and the Bot Engine can train the machine learning model using the provided dataset. As such, the logic of the machine learning model will be tailored to the particular merchant.]. It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Simons as modified and Berry in order for the monitoring of active scripts present in a called webpage from a webpage server for malicious redirects of Simons as modified to include a bot comparison operation of potential active scripts that could redirect the user of Berry. This would allow a more efficient detection operation of malicious active scripts before administer is called to make the determination. See paragraph: 0105, lines 14 – 18 of Berry. As per claim 7. Simons as modified does teach the system of claim 1, wherein the trained AI model was trained using a set of features populated using a web crawler, wherein the web crawler was configured to create an in-memory graph where, after visiting each respective website, the graph is dumped into a disk and features are extracted based on a causality relationship of nodes for each website [Berry, paragraph: 0104, lines 12 – 14, Accordingly, each time a new conversation is added to the dataset, the Bot Engine's machine learning model is rebuilt/updated to account for the conversational possibilities/paths represented by the new conversation.]. As per method claim 15 that includes the same or similar claim limitations as system claim 6, and is similarly rejected. As per method claim 16 that includes the same or similar claim limitations as system claim 7, and is similarly rejected. Claim(s) 8, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Simons et al. [US PGPUB # 2026/0046328] in view of Hunt et al. [US PGPUB # 2018/0124110] as applied to claim # 1, further in view of Maher et al. [US PAT 9032519] As per claim 8. Simons and Hunt do teach what is taught in the rejection of claim 1 above. Simons and Hunt do not clearly teach the system of claim 1, wherein the initiating the browsing session includes: parsing, via an HTML parser, an HTML document to start rendering a page, wherein the parsing, constructing an in-memory graph, and updating the in-memory graph when a respective instrumented hook embedded in the browser engine is triggered. However, Maher does teach the system of claim 1, wherein the initiating the browsing session includes: parsing, via an HTML parser, an HTML document to start rendering a page, wherein the parsing, constructing an in-memory graph, and updating the in-memory graph when a respective instrumented hook embedded in the browser engine is triggered [Figure # 6, and col. 7, lines 40 – 49, The web page rendering module 130 may build a web page upon receiving a request 174 from a client 160. The web page rendering module 130 may then supply the assembled web page to the web server 110 so that the web page can be sent to the client 160. In one embodiment, the web server 110 may include an HTML parser 140 and an HTML writer 145. The HTML parser 140 may parse an HTML document provided by the web page rendering module 130 prior to application of the filter module 120, and the HTML writer may produce a web page (e.g., the filtered web page 195) that is suitable for sending to the client 160.]. As per method claim 17 that includes the same or similar claim limitations as system claim 8 and is similarly rejected. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Kislyuk et al., who does teach detecting suspicious web pages. The method may include 1) identifying a plurality of malicious web pages; 2) establishing a classification model for identifying suspicious web pages, the classification model being based at least in part on the plurality of malicious web pages; 3) identifying an additional web page; 4) classifying the additional web page as suspicious using the classification model; 5) analyzing the additional web page to determine whether the additional web page is malicious; 6) determining that the additional web page is malicious based on the analysis; and 7) updating the classification model based at least in part on the determination. Various other methods, systems, and computer-readable media are also disclosed. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571- 272- 3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DANT B SHAIFER HARRIMAN/ Primary Examiner, Art Unit 2434