antivirus companies consider the service to be a botnet

[starius]

Some botnet owners seem to use onion gates like onion.gq to connect infected machines to the master of the botnet which is located in onion. Some other people report this:

• http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_crypctb.sme
• https://malwaretips.com/threads/connects-to-tor-hidden-services-through-tor2web.42274/

That is why my server serving service onion.gq was suspended again yesterday.

Does somebody know abuse resistant ISP to host it?

Another approach I want to try is adding JavaScript puzzle on confirmation page to make it harder to connect from non-browser HTTP agents (like botnet agents).

[starius]

Created new VPS today.

1. Why not add an option to deny non-GET request, and use it? If your public service allow POST request, bad people will use your service for C&C server(malware).
2. For VPS candidate: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

I want to try is adding JavaScript puzzle

And please don't do it. If you're using Tor, you'll notice many Cloudflare websites show captcha instead of content. And many people who use Tor didn't enable Javascript. Take a look at "onion.link". They serve .onion webpage content without Ads nor Captcha.