That’s not a phishing site. That’s standard zero-click /smartlink monetization. It’s a lot to explain and I’m on mobile but it isn’t anything to do with phishing.
But, it certainly wasn't from Spectrum (my ISP), but they designed the page to make it look like it was.
I agree that it could be totally unrelated to the root mystery though. But "everyone here fell for malware or got phished" seems like the most likely explanation, even if my answer happens to be otherwise incorrect.
the site is an advertising redirect and these same attackers (or at least users of the same IP ranges) use leaked credentials to login to Microsoft/Outlook accounts using SMTP
