We crawl through data like this professionally and from what we see, Hetzner isn't actually that bad at combating fraud. They are not GCP or AWS but there are other hosters of similar scale that have significantly worse response times and leave up clearly compromised machines for a lot longer.
I cannot really comment on this because its A) a multi-dimensional problem (Hosters like Oracle have slightly longer mean removal time than Hetzner but less of their IPs end up in our aggregated blocklist, so does that make them worse or better idk) and B) we're trying to coax at least some of these hosters into using our service to support their fraud team so its probably best not to call out potential customers ;)
