It seems your all alone :)
Not sure how this fell through the cracks the first few days.

Once your site (s) have been mirrored, there is not too much to do (beyond DMCA).

Blocking IP's and inline-linking (i. e., frequently mis-termed as hotlinking) is a simple matter.
Required reviewing you raw logs and putting solutions in place whether htaccess or http.config).

What steps have you taken so far?
Why are your previous steps failing to deny access to the repeated-IP?

Before anything else, check your DNS. Apparent mirroring can happen by mistake when DNS records get garbled. So first make sure it's malice and not error. You can use free tools to see whether the offending site uses the same DNS as you, and take it from there.

It's definitely malice. The site in question (snipped above) is doing the same with tons of other news sites. I'll check DNS. I read something about reverse proxy being the cause, too. Thanks.

How to proceed will depend in part on the mechanics of the offense. Is it a genuine mirror, or are they putting your content in an iframe? * Do the unwanted visits show up in your site logs? Does your htaccess/config include a domain-name-canonicalization redirect? If someone requests nasty-spammy-site dot com, you don't want them being served the content of your own site, even if they've told their own DNS that's where they live.

* I'm finding it harder and harder to keep from typing "iFrame".

Not an iframe, I have a module (drupal) that prevents that.

The site in question has my entire site mirrored with their domain first, like - example.com/www.mysite.com/content/etc.

It looks exactly like my site, but the url is different.

The question is: Are their visitors coming to your physical site (as reflected in access logs), or have they made a copy of your pages? Quickest way to tell is to change one word on a minor page, and then go to the offending URL's version of the page, and see if the change is there.

How big is your site? Is the whole thing being "mirrored", or only selected pages?

You may want to tell the major SEs so the theives don't steal your search traffic. Most all the SEs have a mechanism in place for this.

DMCA worked and the ISP suspended the site. Regarding checking DNS, my IP should be hidden behind cloudflare, so I'm still not sure how they did it.

I'm still not sure how they did it.

If you're not already doing so, this might be the motivation to build a defensive blocking schema of UAs, IPs, Header & Behavior. If they can't get your content, they can't copy it.