See what user‑agent accompanies the request. Bots like curl, python‑requests, or Mozilla/5.0 from odd IP ranges suggest automated probing.
A malicious browser extension (often added without clear consent) can inject fake "update" prompts into any webpage you visit. This is less common but more persistent, as standard antivirus scans may not remove extensions.
If you are still seeing these alerts, follow this removal guide immediately.
A user trying to reach buumal.com/upd made multiple typos, and if you own a similarly misspelled domain, your site received the request. Run a full antivirus scan: Use Windows Defender