As they say, when it rains, it pours. Recently, we observed more than 3,000 phishing emails containing phishing URLs abusing services at workers.dev and pages.dev domains.