Strange download

drar2011 · ‎02-16-2016

Hi everyone, I just noticed something download onto my phone, it is called xdm_iframe.bin Does anyone know what this is? It just downloaded on its own. Thanks.

deloused · ‎02-16-2016

Files like that come from visiting html websites on your browser that have another embedded html code (iFrame) such as a banner/ad/document/link containing a binary coded (.bin) additional embedded code using the Java Xquery data model (XDM).

Qowieury · ‎02-16-2016

Also happening on my note 4

deloused · ‎02-16-2016

It's very common, even on my iPhone.

CodeFarmer · ‎02-16-2016

I got this too and deleted it. But for those interested here are the contents:

<!DOCTYPE html>

<html>

<head>

<title>easyXDM cross-domain XMLHttpRequest provider</title>

easyXDM.DomHelper.requiresJSON("http://z.cdn.turner.com/xslo/cvp/easyxdm/js/json2.ugly.js");

</script>

/*

* This is a CORS (Cross-Origin Resource Sharing) and AJAX enabled endpoint for easyXDM.

* The ACL code is adapted from pmxdr (http://github.com/eligrey/pmxdr/) by Eli Grey (http://eligrey.com/)

*

*/

// From http://peter.michaux.ca/articles/feature-detection-state-of-the-art-browser-scripting

function isHostMethod(object, property) {

var t = typeof object[property];

return t === 'function' || (!!(t === 'object' && object[property])) || t === 'unknown';

}

/**

* Creates a cross-browser XMLHttpRequest object

* @return {XMLHttpRequest} A XMLHttpRequest object.

*/

var getXhr = (function () {

var item;

if (isHostMethod(window, "XMLHttpRequest")) {

return function () {

return new XMLHttpRequest();

};

}

item = (function () {

var list = ["Microsoft", "Msxml2", "Msxml3"],

i = list.length,

obj;

while (i--) {

try {

item = list[i] + ".XMLHTTP";

obj = new ActiveXObject(item);

return item;

} catch (e) {

}

}());

return function () {

return new ActiveXObject(item);

};

}());

// this file is by default set up to use Access Control - this means that it will use the headers set by the server to decide whether or not to allow the call to return

var useAccessControl = false;

// always trusted origins, can be exact strings or regular expressions

var alwaysTrustedOrigins = [(/\.?turner\.com(:\d+)?$/)];

// instantiate a new easyXDM object which will handle the request

var remote = new easyXDM.Rpc({

// local: "/name.html",

swf: "http://i.cdn.turner.com/xslo/cvp/easyxdm/swf/easyxdm.swf"

}, {

local: {

// define the exposed method

request: function (config, success, error) {

var isPOST = config.method === "POST",

pairs = [],

key = '',

data = '',

req,

prop = '',

timeout,

alwaysTrusted = true,

i = alwaysTrustedOrigins.length;

// apply default values if not set

easyXDM.apply(config, {

method: "POST",

headers: {

"Content-Type": "application/x-www-form-urlencoded",

"X-Requested-With": "XMLHttpRequest"

},

success: Function.prototype,

error: function (msg) {

throw new Error(msg);

},

data: {},

timeout: 10 * 1000

}, true);

// set the CORS request header

// only if there is no XHR2 features

if (!window.XMLHttpRequest || !('withCredentials' in (new XMLHttpRequest))) {

config.headers.Origin = remote.origin;

}

// convert the data into a format we can send to the server

for (key in config.data) {

if (config.data.hasOwnProperty(key)) {

pairs.push(encodeURIComponent(key) + "=" + encodeURIComponent(config.data[key]));

}

data = pairs.join("&");

// create the XMLHttpRequest object

req = getXhr();

url = !isPOST && data

? config.url + (~config.url.indexOf('?') ? '&' : '?') + data

: config.url;

req.open(config.method, url, true);

// apply the request headers

for (prop in config.headers) {

if (config.headers.hasOwnProperty(prop) && config.headers[prop]) {

req.setRequestHeader(prop, config.headers[prop]);

}

// set a timeout

timeout = setTimeout(function () {

// reset the handler

req.onreadystatechange = Function.prototype;

req.abort();

req = null;

error({

message: "timeout after " + config.timeout + " second",

status: 0,

data: null,

toString: function () {

return this.message + " Status: " + this.status;

}

}, null);

}, config.timeout);

// check if this origin should always be trusted

while (i-- && !alwaysTrusted) {

if (alwaysTrustedOrigins[i] instanceof RegExp) {

alwaysTrusted = alwaysTrustedOrigins[i].test(remote.origin);

} else if (typeof alwaysTrustedOrigins[i] === "string") {

alwaysTrusted = (remote.origin === alwaysTrustedOrigins[i]);

}

// define the onreadystate handler

req.onreadystatechange = function () {

var rawHeaders,

headers,

headers_lowercase,

reHeader,

m,

errorMessage,

aclAllowedOrigin,

aclAllowedMethods;

if (req.readyState === 4) {

clearTimeout(timeout);

// parse the response headers

rawHeaders = req.getAllResponseHeaders();

headers = {};

headers_lowercase = {};

reHeader = /([\w-_]+):\s+(.*)$/gm;

while ((m = reHeader.exec(rawHeaders))) {

headers_lowercase[m[1].toLowerCase()] = headers[m[1]] = m[2];

}

if (req.status < 200 || req.status >= 300) {

if (useAccessControl) {

error("INVALID_STATUS_CODE");

} else {

error("INVALID_STATUS_CODE", {

status: req.status,

data: req.responseText

});

}

} else {

if (useAccessControl) {

// normalize the valuse access controls

aclAllowedOrigin = (headers_lowercase["access-control-allow-origin"] || "").replace(/\s/g, "");

aclAllowedMethods = (headers_lowercase["access-control-allow-methods"] || "").replace(/\s/g, "");

// determine if origin is trusted

if (alwaysTrusted || aclAllowedOrigin === "*" || aclAllowedOrigin.indexOf(remote.origin) !== -1) {

// determine if the request method was allowed

if (aclAllowedMethods && aclAllowedMethods !== "*" && aclAllowedMethods.indexOf(config.method) === -1) {

errorMessage = "DISALLOWED_REQUEST_METHOD";

}

} else {

errorMessage = "DISALLOWED_ORIGIN";

}

if (errorMessage) {

error(errorMessage);

} else {

success({

data: req.responseText,

status: req.status,

headers: headers

});

}

// reset the handler

req.onreadystatechange = Function.prototype;

req = null;

}

};

// issue the request

req.send(isPOST ? data : "");

}

});

</script>

</head>

<body>

</body>

</html>

Portlandia · ‎02-17-2016

Same thing happened to me tonight. Is there a way to remove it? If so, how?

maryalene · ‎02-17-2016

It's downloaded itself 3 times to my Galaxy S4 since last night. Not sure if that's something to be concerned about or if it's just a harmless file. I tried clearing my history and downloads but that didn't seem to help.

DanielQDC · ‎02-17-2016

This just started happening to me but only when I'm on CNN. I've had my phone for over a year and never had an xdm_iframe.bin file automatically download before.

deloused · ‎02-17-2016

Yeah they're more and more popular it seems as more websites and browsers adopt html5. I notice it also with my local news app, because they embed ads when you scroll thru the articles and launch video ads before watching a news story.

Chrisandra18 · ‎02-17-2016

Just automatically downloaded on my phone too and won't allow me to delete. What should I do?

maryalene · ‎02-17-2016

Now that Daniel mentions CNN, it does seems like the downloads always start after I visit that site. Guess it's time to find a new place to check the news on my phone.

Portlandia · ‎02-17-2016

Ditto, now that I think about it, it was a CNN article that was linked. Is there really nothing we can do about this? It seems, at the very least, they should alert us and allow us to opt out.

spot61701 · ‎02-17-2016

This happened last night on my android note 5 on the sprint network. I had, earlier in the day, linked to a bleacher report article on peyton manning from cnn. It did had frames imbedded. Now, my internet browser has been hacked...when i attempt to visit yahoo, it hijacks to a different, but yahoo-looking (-ish...it's a bad fake). Pretty concerned on this.

brutusf · ‎02-17-2016

Happened to me too, also while visiting CNN website. Will be interested to know if anyone figures out a solution.

Portlandia · ‎02-17-2016

I did figure out how to delete the file, at least (Samsung galaxy s5)

Settings \ Storage \ downloads \ find the file \ click and hold so a select button appears and when you select it a trash can will appear in the top right.

butlerwbm · ‎02-18-2016

Same thing happened to me yesterday. CNN article for me too, whaddya know?

brutusf · ‎02-18-2016

The question now is, how do we stop it from continuing to happen?

butlerwbm · ‎02-18-2016

CNN? Verizon? ...CNN? For the record I got it with an S6 Edge.

brutusf · ‎02-18-2016

Actually, for the record for me also, this happened to me on my Nexus 7

tablet which does not have cellular service. So this is definitely a CNN

problem. Good luck figuring out how to get them to stop their website from

doing it.

Discussions

Mobile

5G / LTE Home Internet

Fios

Military

Accessories

Entertainment

Level Up

Help

Tutorials

Archives

Strange download

Samsung Galaxy Note

Samsung Galaxy Note 4

Browse discussions within categories

Add thoughts to the community