A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information. Researchers at Trustwave decoded the text and found more decoding ahead as it was further obfuscated through Entity codes. Using GCHQ s CyberChef, they revealed links to two JavaScript files hosted at yourjavascript.com
Source: https://www.bleepingcomputer.com/news/security/microsoft-office-365-phishing-evades-detection-with-html-lego-pieces/