This is for bug bounties - so while the targets aren’t mine, they will be listed on sites like https://www.hackerone.com/
I have seen some streamers used digitalocean for bug hunting. But I can’t say for sure whether it’s within their AUP or nah.
My rule which I repeatedly cited to clients at DO was this:
It can’t be a denial of service attack, and I don’t want to receive abuse complaints about it. Within those parameters you’re fine (honestly on most/all services typically under those conditions).