One of the phshers from Sendgrid has apparently moved off from Sendgrid and onto a Digital Coean VPS, with the phish URI located on storage.googleapis.com.
Google: You provided this service and made it available to Internet users. Please *fix* this problem ASAP. 🙁
Received: from send0.riverrockscvs.com (unknown [220.127.116.11])
Date: 10 Sep 2020 23:##:## -0700
From: <spamtrap domain><<x>@<x>>
Subject: Urgent required you have (##) pending incoming Emails in <spamtrap>.
You have (13) pending incoming Emails
Your allowed Email Quota usage has been exceeded on your account.
Please kindly verify your Human and not a robot by following the below link, so we can get your account running normal again.
[ Verify Webmail Account ]
$ host storage.googleapis.com
storage.googleapis.com has address 18.104.22.168
storage.googleapis.com has address 22.214.171.124
storage.googleapis.com has address 126.96.36.199
storage.googleapis.com has address 188.8.131.52
storage.googleapis.com has address 184.108.40.206
storage.googleapis.com has address 220.127.116.11
storage.googleapis.com has IPv6 address 2607:f8b0:4005:80b::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:804::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:807::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:80a::2010
[NOTE: There is no redirect URI in this page. It appears to be a Roundcube Webmail email address and password login or confirmaiton page. In other words, somebody is using Google’s API to phish. ] 🙁