SharePoint Credential Harvest page

Domain Used:
Extra Info: Email received “New Fax Message” clicking the link takes to a outside site. Site is hosted by SquareSpace, URL has been reported to hosting platform but as of now it still up. Clicking the link redirects user to a false login page posing as a SharePoint site.

I’ve already had two of the redirected URLS removed but a new one pops up as soon as they are taken down. Currently it redirects to Share Point Online