Credential phishing Intel with changing background

1. I found a phishing email that uses a few tricks to help make it legimiate looking by adding a Google Captcha and a picture of a domain's site and possible logo. See the pictures I added to the twitter post
2.  
3. The phishing email was poorly conceived due to the three different phone numbers associated with the phsihing, as well as the to email is not the same as the vmessage was sent to in the email body.
4.  
5. From: +44343424820 <[email protected]>
6. Subject: Missed/Caller from +44 348 043 13676
7.  
8. Where the email was really sent from below. The hacker/scammers added many lines of fake SMTP details to attempt tricking security systems
9.  
10. Received: from FireVPS-RDP (107.189.162.186) by BYAPR04CA0007.namprd04.prod.outlook.com (2603:10b6:a03:40::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.9 via Frontend Transport; Tue, 7 Jan 2020 15:53:01 +0000
11. From: +443 3434 24820 <[email protected]>
12. To: "[email protected]"
13. <[email protected]>
14. Subject: Missed/CaIIer from +44 348 043 13676
15. Thread-Topic: Missed/CaIIer from +44 348 043 13676
16.  
17. The link within the phishing email. I changed the email address. You can just go to the domain and click on the mls directory.
18.  
19. https://cambridgelhok.co.uk/[email protected]&data=02|01|[email protected]|c24ffba3e81c41d477aa08d7938a18ee|6e63ffc0c2fc4cc4b6c4666b2ce89d92|0|0|637140093698241783&sdata=nW3V1ZA3gzKFqURscAgkC20VmoXcKRhiU4NgCaNg2Rs=&reserved=0