geo-um.btrll.com Untrusted Certificate

I too use https://umbrella.cisco.com/ and I am sharing a similar problem with *.btrll.com somehow creeping into my macOS system.

First, thanks for being alert and including a picture of the certificate. Next, be aware that Cisco Umbrella protects you and me from malware sites like *.btrll.com by intercepting the DNS request, and re-directing the active web browser to an Cisco Umbrella warning page alerting you that you were almost hijacked.

The reason why you are getting the pop-up for an untrusted certificate -- and not seeing the expected Cisco Umbrella warning page -- is that your macOS system has not yet been told to "Trust" the Cisco Umbrella root level certificate.

My recommendation is that you click to "Always Trust" certificates from Cisco Umbrella -- which will then allow you to see the Cisco Umbrella warning page.

For a longer-winded explanation of the above, see https://docs.umbrella.com/product/umbrella/rebrand-cisco-certificate-import-info rmation/

In closing : I do not install anti-virus products on my macOS, but I _highly recommend_ use of Cisco's Umbrella product (formerly known as OpenDNS.com Umbrella). Although my copy of Cisco Umbrella protects me from *.btrll.com and other malware sites, I am have a devil of a time figuring out _what web sites_ are bringing in the unwelcome *.btrll.com references.

this is not a virus or malware but it could be a bug with Safari as it happens to a select group of users.

report it as a bug or leave Feedback with Apple