The old name is the point, not the problem

Some internet companies become large enough to measure by subscriber count, tower footprint or cloud capacity. Others become interesting because they refuse to disappear. Virtual Access Internet belongs in the second group. Its most visible current face is not a mass-market broadband shop but the VXS and VXSBill web surface at https://vxs.com/, where the company presents itself as a provider of billing and hosting services with more than 25 years of experience. The older network name still sits behind that front door: Virtual Access Internet B.V., trading as VirtualXS, owns the VXS and VXSBill marks according to the footer on the same site, and the legacy domain https://www.virtualxs.com/ serves the same content and redirects to vxs.com.

That continuity matters because the economic question is not whether this is a modern consumer-access challenger. It is whether a company that sounds like a dial-up or early-hosting survivor still controls something worth paying for. The answer is yes, but the value is narrower than the name suggests. Public records show a Dutch legal company, a long-running domain set, a live autonomous system, its own RIPE local internet registry record, a small announced IPv4 block, a payment-processing product aimed at subscription and higher-risk merchants, and a managed hosting offer built around dedicated servers, rack space, bandwidth, monitoring and remote hands. Those are not traces of a dead brand. They are signs of a small operator whose business depends on being trusted to keep niche merchants, payment pages and hosted systems reachable.

The reconciliation has to come early. The legal company is Virtual Access Internet B.V.; the current product brand is VirtualXS; the payment product is VXSBill; the current main website is vxs.com; PeeringDB still records the website as http://www.virtualxs.com; RIPE identifies the autonomous system as AS15535, VIRTUALXS-AS, under organisation ORG-VA9-RIPE; and the Dutch company-register mirror at https://www.bedrijvenregister.nl/uitgeest/virtual-access-internet-bv gives the Chamber of Commerce number as 35031155 at Anna van Renesseplein 8, Uitgeest. Bloomberg's LEI page at https://lei.bloomberg.com/leis/view/7245008IXHQB6SIJND21 corroborates the same legal name, address and registration authority ID, while showing the LEI registration itself as lapsed. That combination is not unusual for a small private company: the company can remain active even if a voluntary identifier has not been renewed.

The domain trail points in the same direction. Verisign RDAP shows vxs.com registered in 1996 at https://rdap.verisign.com/com/v1/domain/VXS.COM, virtualxs.com registered in 1999 at https://rdap.verisign.com/com/v1/domain/VIRTUALXS.COM, and vxsbill.com registered in 2002 at https://rdap.verisign.com/com/v1/domain/VXSBILL.COM. DNS lookups during research resolved vxs.com, virtualxs.com and vxsbill.com to 62.129.128.144, inside the company's public AS15535 address space, and vxs.com delegates to virtualxs.com name servers. The technical implication is simple: the brand may have shortened, but the old infrastructure identity still carries live service.

That is the opening judgment. Virtual Access Internet is not valuable because it is large. It is valuable, if the public signals are read conservatively, because it has kept a small stack of hard-to-fake assets aligned for a long time: legal continuity, domain continuity, number-resource continuity, merchant-facing billing software, hosting operations and a support model that claims in-house engineering. The company would be much less interesting if those elements were disconnected. They are not.

The operating surface is billing plus hosting, not household broadband

The company name invites a mistake. "Access Internet" can sound like a retail ISP, but the current commercial pages do not sell home broadband plans. They sell two linked services: payment processing and internet hosting. On the payment side, https://vxs.com/billing.php says VirtualXS provides credit-card billing and other payment methods under the VXSBill name, can clear Mastercard, Visa, Maestro, iDEAL and Sofort transactions, and also offers phone billing. The page adds an important boundary: VirtualXS says it is not a third-party billing company, but works as a payment service provider for banks; payouts from merchant accounts are made directly by acquiring bank partners, while VirtualXS invoices merchants separately each month.

That sentence defines the revenue logic. If the merchant account remains with a bank partner, VirtualXS is selling the technical and risk layer around the transaction rather than claiming to be the balance-sheet institution holding funds. Its published VXSBill rates are specific enough to anchor the model: no setup fee, EUR 50 per website per month, EUR 100 per merchant account per month, and EUR 0.15 to EUR 0.50 per transaction depending on volume, with 3-D Secure, fraud scrubbing and transaction management included. The economics are therefore a blend of recurring platform fees, per-transaction fees and merchant support value. A small number of medium or large merchants can matter if transaction count, chargeback management and membership operations are meaningful.

The customer target is also explicit. The about page at https://vxs.com/about.php says the company was founded in 1999, started with pure credit-card processing, and later added debit-card support, premium-rate phone access, affiliate marketing and white-label solutions. It says services are mainly aimed at medium- and large-volume merchants running membership websites or one-off transaction sites such as online shops or cam and dating sites. That is not generic fintech language. It describes a merchant base where recurring billing, trials, cancellations, fraud screening, chargebacks, cross-sales and adult or dating-sector reputational risk are not side issues. They are the business.

Hosting is the other half. The hosting page at https://vxs.com/hosting.php says VirtualXS offers managed hosting and co-location services, only dedicated solutions, bring-your-own or arranged hardware, rack space, network connectivity and bandwidth calculated either on 95th percentile or flat rate. It describes a network operations center using the company's FLAME system to monitor data-center operations, equipment status and customer servers. It also advertises engineer support for hardware, software, network problems, installation, repair, upgrades, script execution and remote hands when the customer cannot be physically present in the data center.

The two businesses reinforce each other. A payment processor for subscription merchants needs reliable hosting, secure payment pages, fraud controls, logs, reporting, membership cancellation tools and uptime. A hosting provider for merchants gains stickiness if it can also run checkout and member-management flows. VirtualXS says its payment pages are provided in 14 languages, including English, German, French, Spanish, Dutch, Italian, Portuguese, Danish, Norwegian, Swedish, Greek, Turkish, Japanese and Chinese, and that merchants can use their own look and feel while offloading sensitive card handling to VirtualXS. That is a classic early-2000s internet services bundle, but the bundle can still make economic sense for merchants whose needs do not fit cleanly into mainstream self-serve platforms.

The hard limit is public proof. The website describes a capable niche business, but it does not publish current merchant count, transaction volume, hosting capacity, data-center locations, acquiring partners, audited uptime, PCI attestation, chargeback ratios, revenue or employee count. The right conclusion is not that the claims are false. It is that the public evidence supports a functioning niche operating surface, not a fully underwritten growth story.

One IPv4 prefix can still be a serious asset

The network record is small, but it is not decorative. RIPE's AS object at https://rest.db.ripe.net/ripe/aut-num/AS15535.json identifies AS15535 as VIRTUALXS-AS, links it to ORG-VA9-RIPE, gives status ASSIGNED, and shows a creation date of 25 January 2002. The organisation record at https://rest.db.ripe.net/ripe/organisation/ORG-VA9-RIPE.json names Virtual Access Internet B.V., country NL, registry number 35031155, local internet registry type, and the Uitgeest address. RIPE Stat's AS overview at https://stat.ripe.net/data/as-overview/data.json?resource=AS15535 shows the holder as "VIRTUALXS-AS Virtual Access Internet BV" and the AS as announced on 3 July 2026.

Current reachability is concentrated. RIPE Stat's announced-prefixes view at https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS15535 listed one visible prefix, 62.129.128.0/21, over the window ending 3 July 2026. The routing-status endpoint at https://stat.ripe.net/data/routing-status/data.json?resource=AS15535 showed 2,048 announced IPv4 addresses, no visible IPv6 originated by the AS, 325 of 325 full-table IPv4 peers seeing the route, and one observed neighbour. The prefix-overview endpoint at https://stat.ripe.net/data/prefix-overview/data.json?resource=62.129.128.0/21 confirmed the same prefix as announced by AS15535. In plain economic terms, Virtual Access Internet is not running a sprawling network. It is keeping a small but globally visible address block alive.

Small can still be useful. A /21 is enough address space for payment front ends, control systems, name servers, hosting customers, monitoring endpoints, legacy applications and dedicated servers that need stable public IPv4. IPv4 scarcity gives such space optionality, but the more important value is operational continuity. A merchant integration, a payment callback, a name-server delegation or a hosted application that has lived inside the same network for years is expensive to move if the customer is risk-averse or understaffed. The asset is not merely the addresses. It is the reduced friction of leaving things where they work.

The route history sharpens the legacy point. RIPE Stat's routing-history endpoint at https://stat.ripe.net/data/routing-history/data.json?resource=AS15535 shows AS15535 visible in routing data as early as October 2000 with a broader 62.129.128.0/19 route, while current visibility has narrowed to 62.129.128.0/21. RIPE's own search for 62.129.128.0/21 records the inetnum as NL-VIRTUALXS-20000728, with status ALLOCATED PA, and a route object for 62.129.128.0/21 originated by AS15535 created on 28 February 2025. That is exactly the kind of old trace that matters: the footprint has changed, but the continuity is not invented after the fact.

The dependency picture is more fragile. RIPE's AS-routing-consistency endpoint at https://stat.ripe.net/data/as-routing-consistency/data.json?resource=AS15535 showed the current BGP neighbour AS25151, Cyso Group B.V., present in BGP but not in the older RIPE import/export fields; those fields still name AS5400 and AS38930, while current BGP did not show them. RIPE's neighbour endpoint at https://stat.ripe.net/data/asn-neighbours/data.json?resource=AS15535 likewise showed one unique neighbour, AS25151. IPinfo's current page at https://ipinfo.io/AS15535 also lists Cyso Group B.V. as the upstream and shows no downstreams. This is not a diversified access network. It is a compact service network riding heavily on an upstream relationship.

That upstream dependence does not destroy value. Many small hosting and payment operators sensibly buy transit from a larger Dutch network rather than maintain a large peering estate. But it changes the risk. If the company's economic promise is reachability, then a single visible upstream and no public exchange or facility entries in PeeringDB are operationally material.

PeeringDB confirms the narrowness

PeeringDB is self-maintained, so it should not be treated as audited truth. It is still useful because it shows how the network chooses to present itself to other networks. The PeeringDB API at https://www.peeringdb.com/api/net?asn=15535 records Virtual Access Internet, also known as VirtualXS, as ASN 15535, website http://www.virtualxs.com, network type "Content," one IPv4 prefix, zero IPv6 prefixes, mostly outbound traffic, global scope, open general peering policy, and no public IX count or facility count. The netfac endpoint at https://www.peeringdb.com/api/netfac?net_id=3547 returns no facility records, and https://www.peeringdb.com/api/netixlan?asn=15535 returns no exchange LAN records.

That profile is revealing. "Content" plus "mostly outbound" is closer to hosting, payment pages and served web assets than to a retail access network where end users pull content in. Zero visible IPv6 in PeeringDB matches RIPE Stat's no-visible-IPv6 picture for current AS origin. No IX or facility records suggest that interconnection is not the main sales point. The public posture is therefore consistent with a legacy hosting and billing company that remains reachable through a provider relationship, not a network trying to sell peering density or wholesale transit.

This is where the old access name could mislead a buyer, partner or reader. Virtual Access Internet may once have sounded like the access layer. In 2026 the public evidence points to a service layer on top of a small routing identity. It has enough network control to operate nameservers, hosts and payment systems. It does not show the public infrastructure breadth of a modern regional ISP. The assignment of a "global" scope in PeeringDB also needs a plain reading: it likely reflects customer reach and web availability, not owned global points of presence.

The absence of public IPv6 is a strategic weakness. For many payment and hosting customers, IPv4 remains sufficient because browsers, card callbacks, legacy scripts and merchant systems still work. Yet a hosting provider without visible IPv6 origin is not showing the modernization signal that enterprise customers increasingly expect. That does not mean VirtualXS has no internal IPv6 capability, but the public routing and PeeringDB records do not evidence it. If the company wants to sell itself as more than a durable legacy provider, native IPv6 would be one of the clearest visible upgrades.

Route security is another open question. The public sources used here confirm route visibility and RIPE route records, but they do not give a full operational picture of filtering, route monitoring, abuse handling or RPKI posture from the company's own statements. For a tiny network with no downstreams visible in current third-party data, the blast radius is contained. For payment and hosting trust, however, route hygiene is still part of brand reliability. A misrouted payment page, unreachable cancellation form or stale DNS path can cause real merchant pain even if the incident looks small in global BGP tables.

The economic read is therefore balanced. AS15535 is too small to be a standalone strategic network asset. It is not too small to matter as a continuity asset for a payment-and-hosting business. In fact, the narrowness may be part of the model: fewer moving parts, fewer public dependencies to explain, and a legacy footprint that keeps long-running customer systems stable.

The payment product sells risk work, not just transactions

VXSBill's published price table makes sense only if the company is doing more than routing card data. A EUR 50 monthly website fee, EUR 100 monthly merchant-account fee and EUR 0.15 to EUR 0.50 per transaction would be hard to defend against low-friction processors unless the customer is buying risk handling, subscription mechanics, support, legacy integration and acquirer access. The VXS page says fraud scrubbing, 3-D Secure and transaction management are included at no additional fee, and that the company has been specializing in high-risk processing since 2000. That is a clear statement of economic niche at https://vxs.com/billing.php.

The value proposition is merchant survival. High-risk merchants do not simply need a checkout button. They need someone to help them avoid account termination, control chargebacks, keep recurring memberships working, recover declined customers where lawful, manage cancellations, track affiliates and keep payment pages stable across languages and geographies. VirtualXS says it supports one-click buy, recurring billing, cross-sales, member upgrades, member management and real-time member updates. Those functions are mundane, but they decide cash conversion in a subscription business.

The company's own wording about "cam/dating" sites on https://vxs.com/about.php should not be treated as a stigma; it should be treated as market segmentation. Adult, dating and membership categories have historically faced higher chargeback, reputational and bank-underwriting friction than ordinary retail. That is why providers such as CCBill, Epoch, SegPay and other specialized billers became known within those ecosystems. A provider with long experience in that market can be valuable because it understands bank partner tolerance, refund behavior, descriptor clarity, cancellation friction, fraud screening and affiliate-driven traffic risk.

Unofficial market traces support the niche reading without proving current volume. The Too Much Media NATS documentation at https://www.tmmwiki.com/index.php/NATS3 lists VXSBill among many biller integrations in an affiliate and membership software ecosystem. A 2010 Hacker News discussion at https://news.ycombinator.com/item?id=1724247 includes a developer recommending vxsbill.com alongside Epoch and CCBill while disclosing a personal connection. Those are not performance facts and they are old. They are market signals: VXSBill was known in precisely the kind of recurring, affiliate, adult-adjacent billing world its own website describes.

The risk side has become harder since that era. Visa's 2025 VAMP fact sheet at https://corporate.visa.com/content/dam/VCOM/corporate/visa-perspectives/security-and-trust/documents/visa-acquirer-monitoring-program-fact-sheet-2025.pdf says Visa now monitors fraud, dispute and enumeration levels each month and requires entities above thresholds to implement risk mitigation measures. The PCI Security Standards Council's page at https://www.pcisecuritystandards.org/standards/pci-dss/ describes PCI DSS as a baseline of technical and operational requirements for protecting payment-account data. The EBA and ECB payment-fraud report at https://www.eba.europa.eu/sites/default/files/2025-12/1709846a-84d9-47cf-86a0-b155efb34d66/EBA%20and%20ECB%20Report%20on%20Payment%20Fraud.pdf says card fraud remains materially cross-border, with a notable share of fraudulent card payments by value related to cross-border transactions outside the EEA in 2024. A niche PSP-support platform lives inside those pressures.

That is both opportunity and risk. Mainstream providers have more automation, compliance staff and bank relationships. A small specialist may win when the merchant needs human risk judgment, nonstandard membership flows and hosting proximity. It may lose when acquirers tighten, card networks penalize more aggressively, or regulators demand more formal proof than a legacy platform can cheaply produce.

Hosting is a trust annuity if the customer cannot move easily

VirtualXS's hosting page is not a modern cloud catalog. It is closer to a managed dedicated-server and co-location promise: bring equipment or let the company arrange it, rent secure rack space, buy connectivity, choose 95th percentile or flat-rate bandwidth, and rely on engineers to monitor, repair and act as proxy in the data center. The page at https://vxs.com/hosting.php even names Supermicro as the preferred server brand because of price and performance. That tells us the commercial model is physical and service-heavy, not just resale of elastic cloud instances.

This kind of hosting is less fashionable than hyperscale cloud, but it has durable customers. A merchant with custom payment code, older PHP applications, affiliate software, licensing systems, media assets or compliance-sensitive checkout pages may prefer a known dedicated environment over a migration to a mainstream cloud stack. The cost of change includes engineering time, certification review, DNS risk, payment callback risk, email deliverability and unknown behavior in old code. The provider's margin comes from that inertia, provided the service keeps working.

The FLAME monitoring claim is important because it signals an in-house control plane. VirtualXS says FLAME stands for Fault handling Logging Accounting Maintenance Engine and gives both engineers and customers a web-based view of network status, customer equipment and server management. There is no public demo to verify capability, but the fact that the company names a specific internal system rather than relying only on generic "24/7 support" language strengthens the evidence that hosting operations are central to the business.

Hosting costs, however, are moving against small operators. The European Commission's data-center energy page at https://energy.ec.europa.eu/topics/energy-efficiency/energy-efficiency-targets-directive-and-rules/energy-efficiency-directive/energy-performance-data-centres_en says data centers are a growing infrastructure category, that global data-center electricity consumption was about 415 TWh annually, and that projections point toward 945 TWh by 2030. The same page describes EU reporting obligations under the Energy Efficiency Directive. The Dutch RVO power-management guide at https://www.rvo.nl/files/file/2022-04/Guide%20Power%20Management%20for%20Data%20Centers%20-%20English.pdf describes Dutch obligations around energy-saving measures with payback periods of five years or less and power management for server rooms. These pressures affect facility owners directly and hosting customers indirectly through rack, power and compliance costs.

If VirtualXS leases space from another data-center provider, its cost base depends on that supplier's power pricing, reporting obligations and capacity constraints. If it operates its own facility, the burden is more direct. Public sources do not disclose which is true. The hosting page's language of "our data center" could mean owned, controlled or contracted space; without facility evidence, it should not be overread. PeeringDB's lack of public facility records also means the public cannot easily map the company's hosting estate.

The customer-facing value remains clear. VirtualXS sells not only rack and bandwidth but operational attention. A merchant with a weekend outage, a failing disk, a broken script or a payment-page issue may value a small team that understands its history more than a large vendor's scale. That is a real moat when the customer base is small and specialized. It is also a key-person and staffing risk if the team is thinner than the service promise requires.

Supplier dependency is the hidden balance sheet

Virtual Access Internet's public balance sheet is unavailable, so the supplier map has to be inferred from operating facts. On the network side, current routing evidence points to Cyso Group B.V. as the visible upstream. RIPE Stat's BGP-state paths for AS15535 at https://stat.ripe.net/data/bgp-state/data.json?resource=AS15535 repeatedly place AS25151 before AS15535 in observed paths, and IPinfo at https://ipinfo.io/AS15535 names Cyso as the upstream. That means the company's reachability depends materially on a larger Dutch network relationship, even though its own AS and address block remain visible.

On the payments side, VirtualXS says acquiring bank partners make payouts directly from merchant accounts and that VirtualXS is not in the financial flow. That lowers some balance-sheet risk, but it increases partner dependency. If an acquiring bank changes risk appetite, merchant category tolerance, reserve requirements, rolling-reserve terms, cross-border rules or chargeback thresholds, the merchant-facing platform has to absorb the commercial shock. The company may keep the relationship and software, but the ability to place or retain certain merchants belongs partly to banks and card networks.

On the compliance side, PCI and card-scheme rules are suppliers in another form. VirtualXS claims annual validation by a qualified security assessor on its billing page, but the public website does not publish the attestation. If current validation is in place, it is a core trust asset. If it is not current, the payment business would be exposed. The public cannot decide that from the marketing copy. The same is true for 3-D Secure, fraud screening and manual review: the website says they exist, but the outcome metrics are not public.

On the hosting side, hardware, rack space, power, cooling, bandwidth, monitoring, remote hands and domain/DNS continuity all feed the service. The domain evidence shows a cohesive self-hosted footprint: vxs.com, virtualxs.com and vxsbill.com resolve to 62.129.128.144, and their name-server estate uses virtualxs.com names. That is elegant, but it also means the company's own infrastructure is a concentrated dependency. A failure in its small network, DNS operations or upstream path would directly touch the public brand, payment product and hosting face at once.

This concentration is not automatically bad. For a compact company, owning the stack can be cheaper and more controllable than spreading across many SaaS vendors. But concentration should be priced honestly. A large platform can survive a regional provider failure with automatic failover. A small legacy platform may survive through operational knowledge, quick human action and long customer relationships. That can be enough, but it is a different risk profile.

The most useful framing is "supplier-constrained durability." Virtual Access Internet appears durable because it has held legal, domain, routing and service continuity for decades. It is constrained because each layer depends on a small set of upstreams, banks, card networks, data-center arrangements and staff knowledge. The company does not need to become large to remain viable. It does need each dependency to stay cooperative.

Competition comes from both ends of the stack

VirtualXS competes upward against mainstream payment platforms and sideways against specialized billers. In mainstream e-commerce, merchants can choose Stripe, Adyen, Mollie, PayPal/Braintree, Checkout.com and other providers with modern APIs, large compliance teams, global acquiring arrangements and extensive documentation. The Dutch Payments Association's PSD2 overview at https://www.betaalvereniging.nl/en/knowledge-base/european-legislation/psd2/ describes a European payment market built around greater competition, stronger security, transparency and new payment services. That environment favors large, regulated, well-capitalized payment players.

The niche defense is fit. A mainstream provider may reject or tightly control higher-risk categories, adult-adjacent membership flows, affiliate-heavy traffic, one-off legacy integrations or merchants with complex cancellation and rebill patterns. VirtualXS's own copy says it specializes in high-risk processing and membership websites. If it can place merchants responsibly, keep chargebacks contained and manage the operational mess that large self-serve providers dislike, it can earn fees that are not purely comparable to ordinary card processing rates.

Specialist competition is tougher because it understands the same problem. CCBill, Epoch, SegPay, RocketGate, Verotel and similar names have long served adult, dating, subscription and digital-content merchants. The NATS documentation page that lists VXSBill also lists many of those billers at https://www.tmmwiki.com/index.php/NATS3. In that world, reputation, approval ratios, reserve terms, support speed, cancellation handling and bank stability matter more than glossy product pages. Public evidence is too thin to rank VirtualXS against these rivals. Its survival is the signal, not dominance.

In hosting, competition is even broader. A merchant can run on hyperscale cloud, managed WordPress, low-cost VPS, dedicated hosting, boutique managed infrastructure or a colocated server. VirtualXS cannot win on global cloud breadth. It can win where payment integration, merchant history, data locality, direct engineering support and dedicated hosting are bundled. That is a smaller market, but it is not imaginary.

The pricing evidence suggests a premium-for-care model rather than a commodity model. VXSBill's per-transaction fee and monthly account/site fees are not the cheapest possible route for a low-risk merchant. The hosting page does not publish discount commodity prices. The company therefore likely depends on customers who value continuity and specialization. If too many customers become low-risk, API-friendly and cloud-native, VirtualXS loses relevance. If enough customers remain complex, legacy or risk-sensitive, the company can stay profitable without chasing volume.

The biggest competitive threat is not one named rival. It is normalization. If mainstream processors get better at handling formerly high-risk categories, if merchant software removes the need for specialized membership integrations, or if cloud hosting makes old dedicated setups too expensive, VirtualXS's niche narrows. If card rules, fraud trends and bank risk appetite make specialist judgment more valuable, the niche widens.

Regulation is both a moat and a trap

The payment-regulatory position has to be handled carefully because the public record does not prove exactly how VirtualXS is classified today. DNB says at https://www.dnb.nl/en/sector-information/open-book-supervision/open-book-supervision-sectors/payment-institutions/licensing-requirement-for-payment-service-providers-overview/ that anyone providing payment services in the Netherlands must hold the appropriate DNB license, be entered as exempt, or be excepted by law before starting operations. DNB's public register page at https://www.dnb.nl/en/public-register/register-of-payment-service-providers/ explains that the register includes licensed payment institutions, exempt institutions and EEA-passported providers. VirtualXS's own site says it is not in the financial flow and that bank partners pay merchants directly, which may be part of how it positions its role.

Research against DNB's public CSV downloads on 3 July 2026 did not show Virtual Access Internet, VXS or VirtualXS in the payment-institution register download at https://www.dnb.nl/en-GB/registerdownload/csv/WFTBI or the payment-processing-service-provider register download at https://www.dnb.nl/en-GB/registerdownload/csv/WFTAF. That absence should not be turned into an accusation. It may be consistent with a technical-service, hosting, gateway or bank-partner model; it may reflect naming; it may depend on exemption or scope. The important point for the economic case is narrower: payment regulation is material, and the exact regulatory perimeter would need confirmation before underwriting the business.

Europe's regulatory direction is not lighter. The Dutch Payments Association says PSD2 is being reshaped through PSD3 and the Payment Services Regulation, with goals including fraud protection, competition, uniform enforcement and stronger rights for payment institutions; it says the formal texts are expected to enter into force in early 2027, followed by implementation timelines, at https://www.betaalvereniging.nl/en/knowledge-base/european-legislation/psd2/. The European Parliament's 2025 release at https://www.europarl.europa.eu/news/en/press-room/20251121IPR31540/payment-services-deal-more-protection-from-online-fraud-and-hidden-fees says the PSR and PSD3 deal applies to payment services from banks and payment institutions, as well as technical service providers supporting payment services in some cases, and includes stronger fraud-prevention obligations and liability consequences.

For a small payment-support platform, that can create a moat. Merchants in complex categories may need specialists who understand authentication, cancellation, fraud screening, banking tolerances and card-scheme monitoring. Compliance work can justify higher fees. But the same rules can become a trap if the fixed cost of documentation, monitoring, audits, legal review and bank reporting rises faster than transaction volume.

The hosting side faces its own regulatory and political pressure. EU data-center transparency and Dutch energy-saving rules mean infrastructure operators and customers increasingly need to account for power, cooling and efficiency. If VirtualXS is below reporting thresholds, it may still be affected through suppliers. If it is above thresholds, reporting and efficiency obligations become direct cost and management work. Either way, the old model of "keep servers running in a room" is no longer just an engineering problem. It is an energy, compliance and reputational problem.

Regulation therefore does not tell a simple story. It favors trusted survivors and punishes informal operations. Virtual Access Internet has the survival record. The missing proof is whether its current compliance stack is as current as its website claims.

The customer signal is specialized and thin

Public customer evidence is limited. The company website says medium- and large-volume merchants are the target; it does not name them. The hosting page says customers can manage their own equipment and servers through FLAME; it does not publish case studies. PeeringDB says the traffic ratio is mostly outbound and the network type is content; it does not identify hosted customers. IPinfo at https://ipinfo.io/AS15535 says there are 831 domain names hosted across 53 IP addresses on the ASN, with the largest visible domain counts on 62.129.129.83, 62.129.135.155 and 62.129.129.100. That suggests live hosting use, but not the quality, revenue or customer concentration of that use.

Some third-party pages add texture. BrowserLeaks' lookup for ns6.virtualxs.com at https://browserleaks.com/ip/ns6.virtualxs.com identifies the IP as in the Netherlands, associated with Virtual Access Internet B.V. and AS15535, with corporate/business usage. MyIP.ms pages, including https://myip.ms/vxsbill.com, associate vxsbill.com with Virtual Access Internet B.V. in the Netherlands. Those are not primary evidence, but they corroborate that public web and DNS assets point back to the same network.

Unofficial chatter is also thin but directionally useful. The old Hacker News recommendation and NATS biller listing indicate that VXSBill was legible to online subscription and affiliate communities. The cancellation-support page at https://vxs.com/cancel_membership.php shows a customer-facing flow for membership cancellation tied to VXSBill. That matters because cancellation is central to recurring-billing trust. A biller in this niche that makes cancellation opaque can create chargebacks and reputational harm; a visible cancellation channel is a small but positive signal.

The evidence does not reveal customer concentration. This is a key uncertainty. A small processor can look stable from outside while depending on a handful of merchants. If one merchant category loses bank support, or a large merchant migrates, revenue can move quickly. The same applies to hosting: a few legacy dedicated customers can support a small team, but they can also leave a hole if they finally migrate.

The customer dependency is therefore asymmetric. VirtualXS may be highly valuable to particular customers precisely because it knows their integrations, risk patterns and hosting setup. But those customers may also be highly valuable to VirtualXS. Without public customer names, transaction volume or churn data, the best judgment is that the company has a specialized, not broad, demand surface.

This should not be framed as weakness alone. Narrow demand is not bad if retention is high and costs are controlled. The company's long survival implies some retention or recurring utility. The missing question is whether current demand is renewing or merely aging. A legacy provider can live comfortably for years on customers who do not want to move. It becomes vulnerable when the same customers retire systems faster than new ones arrive.

The strongest case for value

The bullish case starts with continuity. A company founded in 1999, a vxs.com domain registered in 1996, virtualxs.com registered in 1999, vxsbill.com registered in 2002, AS15535 created in RIPE in 2002, a live /21 IPv4 route, and a current website that still sells concrete services together form a better evidence chain than most tiny legacy internet names can offer. The website is simple, but the operating claims are specific: payment methods, pricing, fraud screening, recurring billing, member management, cancellation support, hosting, co-location, 95th-percentile bandwidth, monitoring and remote hands.

The value is also countercyclical in a subtle way. As mainstream payments become more automated, the merchants left outside the simplest onboarding channels often need more human judgment. As cloud becomes more standardized, old dedicated applications and special-purpose payment flows still need someone who will maintain them. As IPv4 becomes scarcer, stable address space and long-running DNS relationships retain utility. As regulation gets heavier, a provider with old bank and merchant knowledge may have a trust advantage if it can document current controls.

The business model can support a small company. VXSBill's monthly fees and per-transaction fees create recurring and usage-linked revenue. Hosting creates monthly recurring revenue through rack, bandwidth and support. Remote hands and consulting can add service fees. Fraud scrubbing and chargeback management create value that merchants can feel directly in retained revenue and account stability. The company does not need millions of end users; it needs enough medium-volume merchants and hosting customers who find the bundle safer than a move.

The network is right-sized for that thesis. A /21, a small AS and a single visible upstream would be inadequate for a national ISP, but they can be enough for a focused payment-and-hosting operator. The concentration lowers complexity. The age of the route and domains lowers migration pressure. The old access-network traces matter because they anchor continuity for systems that may have been integrated over many years.

The fact that the live web server identifies as EZBill in HTTP headers during research is a small additional signal. It suggests the billing identity is not merely a brochure label but part of the served operating environment. Headers alone do not prove architecture, but they fit the broader picture: this is a company whose public face, billing product and hosted network are intertwined.

In that bullish reading, Virtual Access Internet is a niche cash-flow business: not venture-scale, not a broad ISP, but useful to merchants and hosting customers who value continuity, specialized risk work and reachable infrastructure. That is a real economic position.

The strongest case against it

The bearish case is aging without visible renewal. The website's design and copy feel old. The RIPE import/export fields are stale relative to current BGP neighbour evidence. PeeringDB lists no facility or exchange records. Current public routing shows one IPv4 prefix, no visible IPv6, one upstream and no downstreams. There are no public financials, no named current customers, no current PCI attestation, no published acquiring partners, no uptime report, no clear employee base and no public roadmap. Those are not fatal, but they cap confidence.

The payment market has shifted heavily toward larger platforms. A modern merchant can often onboard with Stripe, Adyen, Mollie or PayPal faster than it can negotiate a specialist arrangement. Those platforms offer extensive APIs, dashboards, fraud products, tax and subscription add-ons, local payment methods and developer documentation. Their scale also gives them stronger bargaining power with card networks and regulators. VirtualXS must therefore win on merchant categories, personal support and legacy fit. If the market of merchants needing that combination shrinks, the company has limited public evidence of a second growth engine.

The regulatory perimeter is a second weakness. The company's own statement that it is not in the financial flow may be commercially sensible, but it means the bank partner relationship is central. If regulation starts to reach more technical service providers supporting payment services, as the European Parliament's PSR/PSD3 language suggests at https://www.europarl.europa.eu/news/en/press-room/20251121IPR31540/payment-services-deal-more-protection-from-online-fraud-and-hidden-fees, the company may face more scrutiny even if it is not the acquiring institution. A small platform can be squeezed between merchant needs and bank compliance requirements.

The infrastructure position is also exposed. A single visible upstream through Cyso may be adequate, but it gives outsiders little evidence of resilience. No visible IPv6 may not hurt today's legacy customers, but it weakens the modernization case. A compact, self-hosted domain and payment surface reduces vendor sprawl but concentrates failure risk. If vxs.com, virtualxs.com, vxsbill.com, the name servers and payment pages all depend on the same small network estate, then reachability incidents become brand incidents.

The unofficial signals are old. A 2010 Hacker News mention and a 2021-edited NATS documentation page are useful clues about past ecosystem awareness, not proof of 2026 momentum. The company may still serve valuable merchants, but public chatter does not demonstrate fresh adoption. A provider can remain profitable in quiet mode, especially in sensitive merchant categories, but the absence of visible demand makes the growth case speculative.

The strongest bearish summary is this: Virtual Access Internet may be a well-preserved specialist whose best years are behind it. Its assets can keep existing customers reachable, but without current proof of merchant volume, compliance standing, staff depth, data-center footprint and product modernization, those assets should be priced as durable maintenance value rather than expansion value.

The facts that would change the judgment

Several facts would materially move the assessment. The first is current merchant volume: number of active merchants, transaction count, gross processed volume, net revenue, chargeback rate, refund rate, fraud rate, approval rate and the share of revenue from high-risk categories. A small processor with excellent chargeback control and loyal merchants is much more valuable than a processor with declining volume and rising disputes.

The second is bank and regulatory status. Named acquiring-bank relationships, a current PCI DSS attestation, a clear explanation of whether VirtualXS acts as a technical service provider, gateway, payment institution, exempt provider or bank-supported platform, and evidence of ongoing compliance review would reduce the biggest uncertainty. DNB register absence is not enough to judge. The operating role needs direct confirmation.

The third is hosting footprint. Data-center locations, whether space is owned, leased or colocated, rack count, power commitments, bandwidth commitments, redundancy design, backup power, monitoring coverage, support response times and customer concentration would clarify whether hosting is a serious independent business or mainly support infrastructure for payment customers.

The fourth is network modernization. Native IPv6 visibility, updated RIPE import/export records, RPKI status, route monitoring, upstream diversity and documented incident response would shift AS15535 from "legacy continuity" toward "actively maintained network discipline." A second credible upstream or public facility listing would not be necessary for all customers, but it would make the reachability promise easier to trust.

The fifth is product renewal. Evidence that VXSBill has current 3-D Secure 2 support, modern fraud tooling, API documentation, updated reporting, language support that still works, and merchant onboarding that fits 2026 compliance would change the narrative from legacy survival to specialist modernization. Conversely, evidence that the platform is mainly preserving old integrations would confirm the maintenance-value thesis.

The sixth is customer churn. In this kind of business, churn tells the truth. If merchants stay for support quality and risk knowledge, VirtualXS has a moat. If they stay only because migration is painful, the moat is time-limited. If they leave when contracts renew or bank requirements change, the moat is already eroding.

Until those facts are visible, the appropriate public judgment is disciplined: Virtual Access Internet controls a small but coherent operating surface, not a broad access-network franchise. Its value lies in being reachable, trusted and specialized. Its risk lies in the same qualities becoming too narrow.

A compact evidence register

The legal identity is anchored by RIPE's ORG-VA9-RIPE record at https://rest.db.ripe.net/ripe/organisation/ORG-VA9-RIPE.json, the Dutch company-register mirror at https://www.bedrijvenregister.nl/uitgeest/virtual-access-internet-bv and Bloomberg LEI at https://lei.bloomberg.com/leis/view/7245008IXHQB6SIJND21. The operating brand and services are anchored by https://vxs.com/, https://vxs.com/about.php, https://vxs.com/billing.php, https://vxs.com/hosting.php, https://vxs.com/cancel_membership.php and https://vxs.com/aup.php.

The network evidence is anchored by RIPE's AS15535 record at https://rest.db.ripe.net/ripe/aut-num/AS15535.json, RIPE Stat current overview at https://stat.ripe.net/data/as-overview/data.json?resource=AS15535, announced prefix data at https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS15535, routing status at https://stat.ripe.net/data/routing-status/data.json?resource=AS15535, neighbour data at https://stat.ripe.net/data/asn-neighbours/data.json?resource=AS15535, and PeeringDB at https://www.peeringdb.com/api/net?asn=15535. The key public network fact is current visibility of 62.129.128.0/21 under AS15535, with Cyso as the only visible current upstream and no visible IPv6 origin.

The payment and regulatory context is anchored by DNB's payment-service licensing overview at https://www.dnb.nl/en/sector-information/open-book-supervision/open-book-supervision-sectors/payment-institutions/licensing-requirement-for-payment-service-providers-overview/, DNB's payment-service register page at https://www.dnb.nl/en/public-register/register-of-payment-service-providers/, the Dutch Payments Association PSD2/PSD3 overview at https://www.betaalvereniging.nl/en/knowledge-base/european-legislation/psd2/, the European Parliament PSR/PSD3 deal release at https://www.europarl.europa.eu/news/en/press-room/20251121IPR31540/payment-services-deal-more-protection-from-online-fraud-and-hidden-fees, Visa's 2025 monitoring fact sheet at https://corporate.visa.com/content/dam/VCOM/corporate/visa-perspectives/security-and-trust/documents/visa-acquirer-monitoring-program-fact-sheet-2025.pdf and PCI DSS context at https://www.pcisecuritystandards.org/standards/pci-dss/.

The hosting and energy context is anchored by the VirtualXS hosting page, the European Commission data-center energy page at https://energy.ec.europa.eu/topics/energy-efficiency/energy-efficiency-targets-directive-and-rules/energy-efficiency-directive/energy-performance-data-centres_en, the IEA data-center electricity outlook at https://www.iea.org/reports/energy-and-ai/energy-demand-from-ai and the Dutch RVO power-management guide at https://www.rvo.nl/files/file/2022-04/Guide%20Power%20Management%20for%20Data%20Centers%20-%20English.pdf. Informal market signals are anchored by the NATS biller listing at https://www.tmmwiki.com/index.php/NATS3 and the 2010 Hacker News discussion at https://news.ycombinator.com/item?id=1724247, both treated only as signals of ecosystem awareness rather than verified current business facts.

The final call

Virtual Access Internet should be read as a legacy-continuity company with a still-useful operating surface. The old name, old domains, old AS and old payment niche are not weaknesses by themselves. In a business built around merchant trust, recurring billing and hosted systems that customers do not want to disturb, staying reachable is an economic product.

The company is not publicly legible as a growth ISP, a broad cloud platform or a major payment processor. It is publicly legible as a small Dutch provider that combines VXSBill payment support, managed hosting and AS15535 reachability. That combination can produce durable cash flow if current merchants still value the risk work and hosting support. It can also decay quietly if the customer base ages, bank partners tighten, IPv6 and compliance modernization lag, or mainstream payment platforms absorb more of the specialist market.

The investable lesson is broader than one company. Old network traces matter when they connect to live customers, live domains, live billing flows and live support obligations. They do not matter when they are only names in databases. Virtual Access Internet appears to be on the useful side of that line, but with a narrow margin of evidence. The public record supports a cautious positive judgment on durability and a hard discount for opacity.