caramelsun's profile

New Member

 • 

6 Messages

Friday, February 17th, 2023 4:37 PM

Prreqcroab.icu continues to pop up as blocked from different devices on our network

Hi,

I looked this site up and it shows as a high risk/scam/low trust level site but no one is consciously going there. Is there some hacking attempt going on?

AT&T Smart Manager blocks the outbound attempts thankfully but how can I ban this entirely? Or find out what’s causing this?

I noticed it in real time when I clicked a YouTube ad then shortly after taken to the site which appeared legitimate it … the Smart Manager popped up notifying protection. But I looked in the history of blocks and noticed the same site from various devices on our network.

Any help will be greatly appreciated.

Accepted Solution

Official Solution

Employee

 • 

420 Messages

1 year ago

Hello Community and @caramelsun,

Thank you for your patience and feedback on this topic.  I was able to speak with our Smart Home Manager team, and they provided the details below.

Firstly, you are able to disable the pop up messages if you'd like.  You can go into the SHM settings/app preferences and turn off ActiveArmor Alerts. The security product will still block the spam ware, but the pop up alerts will stop.  In addition, the messages will still show in the message center if you want to look at it later.  Keep in mind if you do this, you won't see the messages for any pop ups until you re-enable this.

 

Second, let me explain why you're getting this message, and what it means.  An example to help illustrate what happens would be when you click on one of those articles on Facebook like "20 funniest sport moments", or "50 dumbest statements from celebrities".  When the page loads, you will likely see a few of the messages shown above come up. However, you'll notice the article on the page still loads.  If you look at the page closely though, you will notice several places where there was an ad that is blank now. What happens is when you go to the page, it spawns a bunch of spam/adware applets attached to the page. This is why you think you never went to that site ActiveArmor says is blocked, because it's the applet that it's blocking, not the main page.  You didn't want the ad when you went to the original URL, but the page you went to tried to go to that site without your knowledge.

Long story short, the security software sees all these secondary spam URLs and blocks those while leaving the main page source alone.  That’s why some areas on the page may be blank. Think of it like an ad blocker, and the page should load faster without all these other spawned pages.

Lastly, the ad/spam folks are smart, and these sites get wise to the fact that security software is blocking them.  So, they change their URL from time to time to try and outsmart the software until they are caught again. Like cat and mouse.

I apologize for the lengthy response, but wanted to make sure to fully explain what is happening, how to fix it, and what to be on the lookout for going forward.

Thanks

Tim, AT&T Community Specialist

New Member

 • 

1 Message

1 year ago

I started getting this message involving the same url. No idea what is triggering this but it has been happening for a few days now.
No one is accessing this site. The message names one of my wireless routers, so I'm not sure if this is some sort of firmware bug or something.
The brand is Deco if you happen to have the same brand router.

New Member

 • 

6 Messages

1 year ago

I have an AT&T router, so not sure if that will help determine if it's firmware, but I do hope someone from AT&T can let us know if it's a device, a potential security breach/bug, malware viruses/links, or what other issue could be causing this. It seems to be something other people are experiencing, too, as the searches online regarding this site are demonstrating.

I'm unsure what this means, and certainly not a tech, but I noticed it a while ago when some of the college kids were doing homework and would have to go to a site directed by the course/instructor. Some of these sites are NOT checked, yet the students still have to research or use them.

But it really clicked/I noticed it again when I hit an ad link on YouTube, and the Smart Manager message popped up. Perhaps it's already in the network trying to reach back to its source, I don't know, but something isn't right. So I'm thinking, OK, perhaps ad links could be unsafe/faulty .... it's possible, right?

I mean, malware is alive and well out here on the internet. I know I didn't deliberately click that site link. But then, I started searching online and noticed others were reporting the same thing. Coincidence? Probably not. Something is going on.

I want to know what it "IS" and how to "PREVENT" damage or initiate more protection if necessary. Searching on the net brings up many warnings about this site on scam site checkers/detectors. Thankfully, it appears that Site Manager is blocking the site from outbound access, so to me (in my mind), it could possibly mean it may be in the network/on devices or something. Or not.

I'd sure like to know for sure.

New Member

 • 

4 Messages

1 year ago

Anxious to hear as well. 

I have the same website popping up as blocked over and over. In fact, it pops up in the middle of the night when there are no devices active. What my search has revealed to this point is it does seem to coincide with Google Calendar activity. I just entered something in my calendar and that website got blocked or a website reminder went off at 2:00am and that website got blocked. Only anecdotal evidence thus far, and that this is not enough for me to unblock it until I hear from AT&T.

(edited)

New Member

 • 

5 Messages

1 year ago

This is the scary comment on Wikipedia:

the firm measures metrics such as audience age and gender makeup, areas of interest and type, length and frequency of their engagement with certain types of content. This private information is made publicly available to be used by marketers and publishers to accurately understand their audience in granular detail.

Here’s the Whois record:

[whois.nic.icu]
Domain Name: PRREQCROAB.ICU
Registry Domain ID: D325526776-CNIC
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL:
Updated Date: 2022-11-08T12:00:59.0Z
Creation Date: 2022-09-30T20:36:52.0Z
Registry Expiry Date: 2023-09-30T23:59:59.0Z
Registrar: MarkMonitor, Inc (TLDs)
Registrar IANA ID: 292
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization: Quantcast
Registrant State/Province: CA
Registrant Country: US
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: NS-209.AWSDNS-26.COM
Name Server: NS-765.AWSDNS-31.NET
Name Server: NS-1766.AWSDNS-28.CO.UK
Name Server: NS-1347.AWSDNS-40.ORG
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: [email scrubbed]
Registrar Abuse Contact Phone: +1.2083895740
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2023-02-19T01:03:00.0Z <<<

(edited)

New Member

 • 

4 Messages

1 year ago

Any idea how they got out of my machine/our machines? What service is using them? AT&T, this is your forum; why is no one from AT&T answering?

New Member

 • 

6 Messages

1 year ago

wow 😯🫤 Yeah…I want to know how too ….not sure if AT&T will have an answer since it appears the Smart Manager is doing its job. I have a VPN…do my best to put privacy blockers in place but ….virus software……but tech is evolving. So I hope something is put  in place to counter these tactics.

New Member

 • 

5 Messages

1 year ago

This is not something we can control. Anytime we go to a website, if that website uses this analytical software, then you'll have a call from that browser connection being made back to the mother ship (quantcast). So it happens as you're surfing the web; this does not originate from your machine, it's a call being made from your browser because of the website you're on. AT&T has no control over that; their tech. simply sees it happening and puts the kibosh on it, which is exactly what I want it to do.
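One way to check which site is triggering the blocked lookups, as both the AT&T reply and the post above describe (added example, not from any poster or from AT&T): for each blocked lookup, list what the same device looked up in the seconds before it. The log format, device names and `.example` domains are constructed; it assumes you can export DNS queries from a resolver you run on your own network.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BLOCKED = "prreqcroab.icu"  # the domain named in this thread

# Constructed sample log, one query per line: "timestamp device queried-name"
SAMPLE_LOG = """\
2023-02-17T16:30:01 laptop news-site.example
2023-02-17T16:30:02 laptop cdn.news-site.example
2023-02-17T16:30:03 laptop prreqcroab.icu
2023-02-17T16:41:10 phone video-site.example
2023-02-17T16:41:55 phone news-site.example
2023-02-17T16:41:57 phone prreqcroab.icu
2023-02-18T02:00:00 tablet prreqcroab.icu
2023-02-18T09:15:20 laptop news-site.example
2023-02-18T09:15:21 laptop sub.prreqcroab.icu
"""

def parse(log):
    """Yield (timestamp, device, name) tuples; malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, device, name = parts
        yield datetime.fromisoformat(ts), device, name.lower().rstrip(".")

def is_blocked(name, blocked=BLOCKED):
    # Match the domain itself or a subdomain, never a mere suffix of the string.
    return name == blocked or name.endswith("." + blocked)

def correlate(log, window_s=10):
    """Count domains seen on the same device shortly before each blocked lookup."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(list)           # device -> [(timestamp, name), ...]
    suspects, unexplained = Counter(), []
    for ts, device, name in sorted(parse(log)):
        if is_blocked(name):
            prior = {n for t, n in recent[device] if ts - t <= window}
            if prior:
                suspects.update(prior)   # each domain counted once per block
            else:                        # nothing preceded it: background traffic
                unexplained.append((ts.isoformat(), device))
        else:
            recent[device] = [(t, n) for t, n in recent[device] if ts - t <= window]
            recent[device].append((ts, name))
    return suspects, unexplained
```

Domains with the highest counts are the pages most likely embedding the blocked request; entries in the second list had no browsing activity before them and point to a background app or sync job on that device instead.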

New Member

 • 

5 Messages

1 year ago

The evildoer in this case is Quantcast and their ability to bypass whatever privacy tools we may have installed as extensions in our browsers. They've figured out a way to track all our behavior without using cookies. I imagine all these calls to that weird web address have something to do with that.

New Member

 • 

4 Messages

1 year ago

Jrkoop, if it is a response to going to a website, why does it happen in the middle of the night?  I blame Chrome and Google. The only other thing working in the wee hours is Code 42.
