Strange download

drar2011 · ‎02-16-2016

Hi everyone, I just noticed something download onto my phone, it is called xdm_iframe.bin Does anyone know what this is? It just downloaded on its own. Thanks.

deloused · ‎02-16-2016

Files like that come from visiting html websites on your browser that have another embedded html code (iFrame) such as a banner/ad/document/link containing a binary coded (.bin) additional embedded code using the Java Xquery data model (XDM).

Qowieury · ‎02-16-2016

Also happening on my note 4

deloused · ‎02-16-2016

It's very common, even on my iPhone.

CodeFarmer · ‎02-16-2016

I got this too and deleted it. But for those interested here are the contents:

<!DOCTYPE html>

<html>

<head>

<title>easyXDM cross-domain XMLHttpRequest provider</title>

easyXDM.DomHelper.requiresJSON("http://z.cdn.turner.com/xslo/cvp/easyxdm/js/json2.ugly.js");

</script>

/*

* This is a CORS (Cross-Origin Resource Sharing) and AJAX enabled endpoint for easyXDM.

* The ACL code is adapted from pmxdr (http://github.com/eligrey/pmxdr/) by Eli Grey (http://eligrey.com/)

*

*/

// From http://peter.michaux.ca/articles/feature-detection-state-of-the-art-browser-scripting

function isHostMethod(object, property) {

var t = typeof object[property];

return t === 'function' || (!!(t === 'object' && object[property])) || t === 'unknown';

}

/**

* Creates a cross-browser XMLHttpRequest object

* @return {XMLHttpRequest} A XMLHttpRequest object.

*/

var getXhr = (function () {

var item;

if (isHostMethod(window, "XMLHttpRequest")) {

return function () {

return new XMLHttpRequest();

};

}

item = (function () {

var list = ["Microsoft", "Msxml2", "Msxml3"],

i = list.length,

obj;

while (i--) {

try {

item = list[i] + ".XMLHTTP";

obj = new ActiveXObject(item);

return item;

} catch (e) {

}

}());

return function () {

return new ActiveXObject(item);

};

}());

// this file is by default set up to use Access Control - this means that it will use the headers set by the server to decide whether or not to allow the call to return

var useAccessControl = false;

// always trusted origins, can be exact strings or regular expressions

var alwaysTrustedOrigins = [(/\.?turner\.com(:\d+)?$/)];

// instantiate a new easyXDM object which will handle the request

var remote = new easyXDM.Rpc({

// local: "/name.html",

swf: "http://i.cdn.turner.com/xslo/cvp/easyxdm/swf/easyxdm.swf"

}, {

local: {

// define the exposed method

request: function (config, success, error) {

var isPOST = config.method === "POST",

pairs = [],

key = '',

data = '',

req,

prop = '',

timeout,

alwaysTrusted = true,

i = alwaysTrustedOrigins.length;

// apply default values if not set

easyXDM.apply(config, {

method: "POST",

headers: {

"Content-Type": "application/x-www-form-urlencoded",

"X-Requested-With": "XMLHttpRequest"

},

success: Function.prototype,

error: function (msg) {

throw new Error(msg);

},

data: {},

timeout: 10 * 1000

}, true);

// set the CORS request header

// only if there is no XHR2 features

if (!window.XMLHttpRequest || !('withCredentials' in (new XMLHttpRequest))) {

config.headers.Origin = remote.origin;

}

// convert the data into a format we can send to the server

for (key in config.data) {

if (config.data.hasOwnProperty(key)) {

pairs.push(encodeURIComponent(key) + "=" + encodeURIComponent(config.data[key]));

}

data = pairs.join("&");

// create the XMLHttpRequest object

req = getXhr();

url = !isPOST && data

? config.url + (~config.url.indexOf('?') ? '&' : '?') + data

: config.url;

req.open(config.method, url, true);

// apply the request headers

for (prop in config.headers) {

if (config.headers.hasOwnProperty(prop) && config.headers[prop]) {

req.setRequestHeader(prop, config.headers[prop]);

}

// set a timeout

timeout = setTimeout(function () {

// reset the handler

req.onreadystatechange = Function.prototype;

req.abort();

req = null;

error({

message: "timeout after " + config.timeout + " second",

status: 0,

data: null,

toString: function () {

return this.message + " Status: " + this.status;

}

}, null);

}, config.timeout);

// check if this origin should always be trusted

while (i-- && !alwaysTrusted) {

if (alwaysTrustedOrigins[i] instanceof RegExp) {

alwaysTrusted = alwaysTrustedOrigins[i].test(remote.origin);

} else if (typeof alwaysTrustedOrigins[i] === "string") {

alwaysTrusted = (remote.origin === alwaysTrustedOrigins[i]);

}

// define the onreadystate handler

req.onreadystatechange = function () {

var rawHeaders,

headers,

headers_lowercase,

reHeader,

m,

errorMessage,

aclAllowedOrigin,

aclAllowedMethods;

if (req.readyState === 4) {

clearTimeout(timeout);

// parse the response headers

rawHeaders = req.getAllResponseHeaders();

headers = {};

headers_lowercase = {};

reHeader = /([\w-_]+):\s+(.*)$/gm;

while ((m = reHeader.exec(rawHeaders))) {

headers_lowercase[m[1].toLowerCase()] = headers[m[1]] = m[2];

}

if (req.status < 200 || req.status >= 300) {

if (useAccessControl) {

error("INVALID_STATUS_CODE");

} else {

error("INVALID_STATUS_CODE", {

status: req.status,

data: req.responseText

});

}

} else {

if (useAccessControl) {

// normalize the valuse access controls

aclAllowedOrigin = (headers_lowercase["access-control-allow-origin"] || "").replace(/\s/g, "");

aclAllowedMethods = (headers_lowercase["access-control-allow-methods"] || "").replace(/\s/g, "");

// determine if origin is trusted

if (alwaysTrusted || aclAllowedOrigin === "*" || aclAllowedOrigin.indexOf(remote.origin) !== -1) {

// determine if the request method was allowed

if (aclAllowedMethods && aclAllowedMethods !== "*" && aclAllowedMethods.indexOf(config.method) === -1) {

errorMessage = "DISALLOWED_REQUEST_METHOD";

}

} else {

errorMessage = "DISALLOWED_ORIGIN";

}

if (errorMessage) {

error(errorMessage);

} else {

success({

data: req.responseText,

status: req.status,

headers: headers

});

}

// reset the handler

req.onreadystatechange = Function.prototype;

req = null;

}

};

// issue the request

req.send(isPOST ? data : "");

}

});

</script>

</head>

<body>

</body>

</html>

Portlandia · ‎02-17-2016

Same thing happened to me tonight. Is there a way to remove it? If so, how?

maryalene · ‎02-17-2016

It's downloaded itself 3 times to my Galaxy S4 since last night. Not sure if that's something to be concerned about or if it's just a harmless file. I tried clearing my history and downloads but that didn't seem to help.

DanielQDC · ‎02-17-2016

This just started happening to me but only when I'm on CNN. I've had my phone for over a year and never had an xdm_iframe.bin file automatically download before.

deloused · ‎02-17-2016

Yeah they're more and more popular it seems as more websites and browsers adopt html5. I notice it also with my local news app, because they embed ads when you scroll thru the articles and launch video ads before watching a news story.

Chrisandra18 · ‎02-17-2016

Just automatically downloaded on my phone too and won't allow me to delete. What should I do?

Categories

Mobile

Home

Accessories

Entertainment

Participate

Help

Self-Help Topics

Information Hub

Samsung Galaxy Note

Samsung Galaxy Note 4