I have no experience with the UDM Pro, but here is my €0,02:
- Not sure how and where you were capturing, but in switched networks you do not see all traffic on all ports, so it is very likely that this traffic, even if it is in your network, will not show up on all parts of the network. See: https://wiki.wireshark.org/CaptureSetup/Ethernet
- Does the UDM show on which Interface it is seeing this traffic? It looks like you can make a packet capture on that specific interface on the UDM itself, see https://help.ui.com/hc/en-us/articles/204959834-Advanced-Logging-Information
- As OUI's consist of 3 octets, it would be nice if you can share the first 3 octets of the mac-address instead of the first two. But based on the first two, it looks like it could be from HUMAX Co (90:d0:92:xx:xx:xx), which can be found in Wireshark by going to
tools -> Mac Address Blocks - HUMAX Co does seem to be related to TV setop boxes
I hope this will give you some direction on finding the device and why it is sending out a lot of traffic that is blocked by your UDM, even though this traffic could be totally benign (though it could also not be benign).
