Hey, I've been having some funny issues with Chrome today. Could someone have a look at the following file I found in my /var/db directory? It doesn't appear to be an Apple script, and in fact there's only two exact Google matches for that file name. So I'm a bit puzzled where it came from. I don't want to put my tinfoil hat on just yet, but if I'm not mistaken this header appears to be spoofing the credentials of an Apple server. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>event</key> <string>reject</string> <key>timestamp</key> <date>2015-12-17T02:17:11Z</date> </dict> </plist> Any advice would be appreciated. For what it's worth, there is a corresponding event in my console from earlier this evening that reads "12/16/15 5:52:38.023 PM ntpd: time set +0.302704 s."